Top infected hashes
Request |
Value |
Method |
GET |
URL |
https://api.metadefender.com/v4/feed/infected |
This API is deprecated and will no longer be available starting May 1st, 2020. Please migrate to our Latest Infected Hashes Feed.
Summary
The feeds list contains the top searched for malware hash signatures, including MD5, SHA1, and SHA256. Free API keys can consume 1,000 entries per day. These top malicious hashes have been spotted on the networks of MetaDefender Cloud users within the last 24 hours. Our feeds are updated daily with newly detected and reported malware to provide actionable and timely threat intelligence to our users.
MetaDefender Cloud Threat Intelligence Feeds can be delivered in 4 different formats: JSO, RSS, CSV, and BRO.
If the format type provided is JSON (/feed/infected?type=json&page=1), the response is formatted differently than the unformatted response type ( /feed/infected?page=1). See response examples.
The number of entries per page is hardcoded to 1000 entries. The number of pages that can be consumed by the apikey is dictated by the "limit_feed" field. E.g: if this field is set to a value 10,000, the apikey can consume the first 10 pages of the feed. The apikey can do as many requests as desired to the feed, and the limit is only applied to the maxim depth of the pages. There is no sorting applied to the feed.
Request
Header Parameters
|
Description |
Allowed Values |
Required |
apikey |
Gives rights to use the endpoint (API Authentication Mechanisms) |
apikey |
YES |
Query Parameters
|
Description |
Required |
Default |
Possible values |
?page |
Page number |
NO |
1 |
A positive integer |
?type |
Response format type |
NO |
- |
json, bro, csv, rss |
?category |
File type category. Only return hashes of this file type. |
NO |
- |
Response
The response is paginated, 1000 results per page.
HTTP Status Codes
Please refer to Status Codes for more information.
Body
Example of a successful response (unformatted)
{
"from"
:
"2019-02-25T00:00:00.000Z"
,
"to"
:
"2019-02-26T00:00:00.000Z"
,
"top_infected"
: [
{
"md5"
:
"9498FF82A64FF445398C8426ED63EA5B"
,
"sha1"
:
"36F9CA40B3CE96FCEE1CF1D4A7222935536FD25B"
,
"sha256"
:
"8B2E701E91101955C73865589A4C72999AEABC11043F712E05FDB1C17C4AB19A"
,
"data_id"
:
"bzE5MDIyNkJ5OE9kSUVRTDRTa0R1dVVWWElW"
,
"total_avs"
:
37
,
"total_detected_avs"
:
25
,
"file_type_category"
:
"E"
,
"file_type_extension"
:
"exe"
,
"rank"
:
1
,
"scan_results"
: {
"threat_name"
:
"Trojan.Zbot.Win32.21"
}
},
{
"md5"
:
"CAEF973033E593C625FB2AA34F7026DC"
,
"sha1"
:
"D5DD920BE5BCFEB904E95DA4B6D0CCCA0727D692"
,
"sha256"
:
"DB1AEC5222075800EDA75D7205267569679B424E5C58A28102417F46D3B5790D"
,
"data_id"
:
"bzE5MDIyNnIxUXhkR0dGRzhOUzFWeGR6R3RNTEU"
,
"total_avs"
:
37
,
"total_detected_avs"
:
4
,
"file_type_category"
:
"E"
,
"file_type_extension"
:
"exe"
,
"rank"
:
2
,
"scan_results"
: {
"threat_name"
:
"Gen:Variant.Barys.11503"
}
},
...
]
}
}
Example of json formatted response (type = JSON)
$ curl -XGET -H
"Authorization: apikey XXX"
https:
//api.metadefender.com/v4/feed/infected?type=json&page=1
[
{
"md5"
:
"9498FF82A64FF445398C8426ED63EA5B"
,
"sha1"
:
"36F9CA40B3CE96FCEE1CF1D4A7222935536FD25B"
,
"sha256"
:
"8B2E701E91101955C73865589A4C72999AEABC11043F712E05FDB1C17C4AB19A"
,
"link"
:
"https://metadefender.opswat.com/results#!/file/bzE5MDIyNkJ5OE9kSUVRTDRTa0R1dVVWWElW/regular?utm_medium=json&utm_source=www&utm_campaign=threat_feeds"
,
"total_avs"
:
37
,
"total_detected_avs"
:
25
,
"threat_name"
:
"Trojan.Zbot.Win32.21"
,
"file_type_category"
:
"E"
,
"file_type_extension"
:
"exe"
,
"published"
:
"2019-02-26"
},
{
"md5"
:
"CAEF973033E593C625FB2AA34F7026DC"
,
"sha1"
:
"D5DD920BE5BCFEB904E95DA4B6D0CCCA0727D692"
,
"sha256"
:
"DB1AEC5222075800EDA75D7205267569679B424E5C58A28102417F46D3B5790D"
,
"link"
:
"https://metadefender.opswat.com/results#!/file/bzE5MDIyNnIxUXhkR0dGRzhOUzFWeGR6R3RNTEU/regular?utm_medium=json&utm_source=www&utm_campaign=threat_feeds"
,
"total_avs"
:
37
,
"total_detected_avs"
:
4
,
"threat_name"
:
"Gen:Variant.Barys.11503"
,
"file_type_category"
:
"E"
,
"file_type_extension"
:
"exe"
,
"published"
:
"2019-02-26"
},
...
]
Example of rss formatted response (type = rss)
$ curl -XGET -H
"Authorization: apikey XXX"
https:
//api.metadefender.com/v4/feed/infected?type=rss&page=1
<?xml version=
'1.0'
encoding=
'ISO-8859-1'
?>
<rss version=
'2.0'
>
<channel>
<link>https:
//api.metadefender.com/v3/feed/infected?type=rss</link>
<description>MetaDefender Cloud Top Threat Feed</description>
<language>en-US</language>
<copyright>Copyright
2019
OPSWAT, Inc. All rights reserved.</copyright>
<item>
<title>Trojan.Zbot.Win32.
21
</title>
<link>https:
//metadefender.opswat.com/results#!/file/bzE5MDIyNkJ5OE9kSUVRTDRTa0R1dVVWWElW/regular?utm_medium=rss&utm_source=www&utm_campaign=threat_feeds</link>
<description>MD5: 9498FF82A64FF445398C8426ED63EA5B, SHA1: 36F9CA40B3CE96FCEE1CF1D4A7222935536FD25B, SHA256: 8B2E701E91101955C73865589A4C72999AEABC11043F712E05FDB1C17C4AB19A,
File Type Category: E, File Type Extension: exe,
Total Avs:
37
, Total Detected Avs:
25
</description>
<pubDate>
2019
-
02
-
26
</pubDate>
<author>MetaDefender Cloud (feedback
@opswat
.com)</author>
</item>
<item>
<title>Gen:Variant.Barys.
11503
</title>
<link>https:
//metadefender.opswat.com/results#!/file/bzE5MDIyNnIxUXhkR0dGRzhOUzFWeGR6R3RNTEU/regular?utm_medium=rss&utm_source=www&utm_campaign=threat_feeds</link>
<description>MD5: CAEF973033E593C625FB2AA34F7026DC, SHA1: D5DD920BE5BCFEB904E95DA4B6D0CCCA0727D692, SHA256: DB1AEC5222075800EDA75D7205267569679B424E5C58A28102417F46D3B5790D,
File Type Category: E, File Type Extension: exe,
Total Avs:
37
, Total Detected Avs:
4
</description>
<pubDate>
2019
-
02
-
26
</pubDate>
<author>MetaDefender Cloud (feedback
@opswat
.com)</author>
</item>
...
</channel>
</rss>
Example of csv formatted response (type = csv)
$ curl -XGET -H
"Authorization: apikey ${APIKEY}"
https:
//api.metadefender.com/v4/feed/infected?type=csv&page=1
md5,sha1,sha256,link,threat_name,file_type_category,file_type_extension,published,total_avs,total_detected_avs
9498FF82A64FF445398C8426ED63EA5B,36F9CA40B3CE96FCEE1CF1D4A7222935536FD25B,8B2E701E91101955C73865589A4C72999AEABC11043F712E05FDB1C17C4AB19A,https:
//metadefender.opswat.com/results#!/file/bzE5MDIyNkJ5OE9kSUVRTDRTa0R1dVVWWElW/regular?utm_medium=csv&utm_source=www&utm_campaign=threat_feeds,Trojan.Zbot.Win32.21,E,exe,2019-02-26,37,25
CAEF973033E593C625FB2AA34F7026DC,D5DD920BE5BCFEB904E95DA4B6D0CCCA0727D692,DB1AEC5222075800EDA75D7205267569679B424E5C58A28102417F46D3B5790D,https:
//metadefender.opswat.com/results#!/file/bzE5MDIyNnIxUXhkR0dGRzhOUzFWeGR6R3RNTEU/regular?utm_medium=csv&utm_source=www&utm_campaign=threat_feeds,Gen:Variant.Barys.11503,E,exe,2019-02-26,37,4
...
Example of bro formatted response (type = bro)
$ curl -XGET -H
"Authorization: apikey ${APIKEY}"
https:
//api.metadefender.com/v4/feed/infected?type=bro&page=1
#fields indicator indicator_type meta.source meta.desc meta.url meta.do_notice meta.if_in
9498FF82A64FF445398C8426ED63EA5B Intel::FILE_HASH MetaDefender Trojan.Zbot.Win32.
21
https:
//metadefender.opswat.com/results#!/file/bzE5MDIyNkJ5OE9kSUVRTDRTa0R1dVVWWElW/regular?utm_medium=bro&utm_source=www&utm_campaign=threat_feeds T Files::IN_HASH
CAEF973033E593C625FB2AA34F7026DC Intel::FILE_HASH MetaDefender Gen:Variant.Barys.
11503
https:
//metadefender.opswat.com/results#!/file/bzE5MDIyNnIxUXhkR0dGRzhOUzFWeGR6R3RNTEU/regular?utm_medium=bro&utm_source=www&utm_campaign=threat_feeds T Files::IN_HASH
...
Example of a failed response:
{
"error"
: {
"code"
:
404008
,
"messages"
: [
"The apikey was not found"
]
}
}
Description of response
md5 |
The hash of the file |
sha1 |
The hash of the file |
sha256 |
The hash of the file |
link |
The link to the scan results of the file in the MetaDefender Cloud website |
total_avs |
The total number of anti-malware engines that scanned this file |
total_detected_avs |
The total number of anti-malware engines that detected this file as being infected |
threat_name |
The name of the detected threat |
file_type_category |
Category for the file type. Please refer to Description of file categories for more information. |
file_type_extension |
The extension of the file based on file type |
published |
The date of the feed when this was published |
Errors
Please refer to Errors for more information.
Sample code (NodeJS)
var http = require(
"https"
);
var options = {
"method"
:
"GET"
,
"hostname"
: [
"api"
,
"metadefender"
,
"com"
],
"path"
: [
"v4"
,
"feed"
,
"infected"
],
"headers"
: {
"apikey"
: process.env.APIKEY
}
};
var req = http.request(options, function (res) {
var chunks = [];
res.on(
"data"
, function (chunk) {
chunks.push(chunk);
});
res.on(
"end"
, function () {
var body = Buffer.concat(chunks);
console.log(body.toString());
});
});
req.end();
Sample code (cURL)
curl -X GET \
'https://api.metadefender.com/v4/feed/infected?page=1'
\
-H
"apikey: ${APIKEY}"