Request	Value
Method	GET
URL	https://api.metadefender.com/v4/feed/infected

Summary

The feeds list contains the top searched for malware hash signatures, including MD5, SHA1, and SHA256. Free API keys can consume 1,000 entries per day. These top malicious hashes have been spotted on the networks of MetaDefender Cloud users within the last 24 hours. Our feeds are updated daily with newly detected and reported malware to provide actionable and timely threat intelligence to our users.

MetaDefender Cloud Threat Intelligence Feeds can be delivered in 4 different formats: JSO, RSS, CSV, and BRO.

If the format type provided is JSON ( /v3/feed/infected?type=json&page=1) , the response is formatted differently than the unformatted response type ( /v3/feed/infected?page=1). See response examples.

The number of entries per page is hardcoded to 1000 entries.

The number of pages that can be consumed by the apikey is dictated by the "limit_feed" field. E.g: if this field is set to a value 10,000, the apikey can consume the first 10 pages of the feed. The apikey can do as many requests as desired to the feed, and the limit is only applied to the maxim depth of the pages. There is no sorting applied to the feed.

Request

Header Parameters

	Description	Allowed Values	Required
apikey	Gives rights to use the endpoint (API Authentication Mechanisms)	apikey	YES

Query Parameters

	Description	Required	Default	Possible values
?page	page number	NO	1	A positive integer
?type	response format type	NO	-	json, bro, csv, rss

Response

The response is paginated, 1000 results per page.

HTTP Status Codes

Please refer to Status Codes for more information.

Body

Example of a successful response (unformatted)

{
    "from": "2019-02-25T00:00:00.000Z",
    "to": "2019-02-26T00:00:00.000Z",
    "top_infected": [
        {
            "md5": "9498FF82A64FF445398C8426ED63EA5B",
            "sha1": "36F9CA40B3CE96FCEE1CF1D4A7222935536FD25B",
            "sha256": "8B2E701E91101955C73865589A4C72999AEABC11043F712E05FDB1C17C4AB19A",
            "data_id": "bzE5MDIyNkJ5OE9kSUVRTDRTa0R1dVVWWElW",
            "total_avs": 37,
            "total_detected_avs": 25,
            "file_type_category": "E",
            "file_type_extension": "exe",
            "rank": 1,
            "scan_results": {
                "threat_name": "Trojan.Zbot.Win32.21"
            }
        },
        {
            "md5": "CAEF973033E593C625FB2AA34F7026DC",
            "sha1": "D5DD920BE5BCFEB904E95DA4B6D0CCCA0727D692",
            "sha256": "DB1AEC5222075800EDA75D7205267569679B424E5C58A28102417F46D3B5790D",
            "data_id": "bzE5MDIyNnIxUXhkR0dGRzhOUzFWeGR6R3RNTEU",
            "total_avs": 37,
            "total_detected_avs": 4,
            "file_type_category": "E",
            "file_type_extension": "exe",
            "rank": 2,
            "scan_results": {
                "threat_name": "Gen:Variant.Barys.11503"
            }
        },
		...
       ]
    }
}

Example of json formatted response (type = JSON)

$ curl -XGET -H "Authorization: apikey XXX" https://api.metadefender.com/v4/feed/infected?type=json&page=1
 
[
    {
        "md5": "9498FF82A64FF445398C8426ED63EA5B",
        "sha1": "36F9CA40B3CE96FCEE1CF1D4A7222935536FD25B",
        "sha256": "8B2E701E91101955C73865589A4C72999AEABC11043F712E05FDB1C17C4AB19A",
        "link": "https://metadefender.opswat.com/results#!/file/bzE5MDIyNkJ5OE9kSUVRTDRTa0R1dVVWWElW/regular?utm_medium=json&utm_source=www&utm_campaign=threat_feeds",
        "total_avs": 37,
        "total_detected_avs": 25,
        "threat_name": "Trojan.Zbot.Win32.21",
        "file_type_category": "E",
        "file_type_extension": "exe",
        "published": "2019-02-26"
    },
    {
        "md5": "CAEF973033E593C625FB2AA34F7026DC",
        "sha1": "D5DD920BE5BCFEB904E95DA4B6D0CCCA0727D692",
        "sha256": "DB1AEC5222075800EDA75D7205267569679B424E5C58A28102417F46D3B5790D",
        "link": "https://metadefender.opswat.com/results#!/file/bzE5MDIyNnIxUXhkR0dGRzhOUzFWeGR6R3RNTEU/regular?utm_medium=json&utm_source=www&utm_campaign=threat_feeds",
        "total_avs": 37,
        "total_detected_avs": 4,
        "threat_name": "Gen:Variant.Barys.11503",
        "file_type_category": "E",
        "file_type_extension": "exe",
        "published": "2019-02-26"
    },
	...
]
    

Example of rss formatted response (type = rss)

$ curl -XGET -H "Authorization: apikey XXX" https://api.metadefender.com/v4/feed/infected?type=rss&page=1
 
<?xml version='1.0' encoding='ISO-8859-1'?>
<rss version='2.0'>
    <channel>
        <link>https://api.metadefender.com/v3/feed/infected?type=rss</link>
        <description>MetaDefender Cloud Top Threat Feed</description>
        <language>en-US</language>
        <copyright>Copyright 2019 OPSWAT, Inc. All rights reserved.</copyright>
        <item>
            <title>Trojan.Zbot.Win32.21</title>
            <link>https://metadefender.opswat.com/results#!/file/bzE5MDIyNkJ5OE9kSUVRTDRTa0R1dVVWWElW/regular?utm_medium=rss&utm_source=www&utm_campaign=threat_feeds</link>
            <description>MD5: 9498FF82A64FF445398C8426ED63EA5B, SHA1: 36F9CA40B3CE96FCEE1CF1D4A7222935536FD25B, SHA256: 8B2E701E91101955C73865589A4C72999AEABC11043F712E05FDB1C17C4AB19A,
                                File Type Category: E, File Type Extension: exe,
                                Total Avs: 37, Total Detected Avs: 25</description>
            <pubDate>2019-02-26</pubDate>
            <author>MetaDefender Cloud (feedback@opswat.com)</author>
        </item>
        <item>
            <title>Gen:Variant.Barys.11503</title>
            <link>https://metadefender.opswat.com/results#!/file/bzE5MDIyNnIxUXhkR0dGRzhOUzFWeGR6R3RNTEU/regular?utm_medium=rss&utm_source=www&utm_campaign=threat_feeds</link>
            <description>MD5: CAEF973033E593C625FB2AA34F7026DC, SHA1: D5DD920BE5BCFEB904E95DA4B6D0CCCA0727D692, SHA256: DB1AEC5222075800EDA75D7205267569679B424E5C58A28102417F46D3B5790D,
                                File Type Category: E, File Type Extension: exe,
                                Total Avs: 37, Total Detected Avs: 4</description>
            <pubDate>2019-02-26</pubDate>
            <author>MetaDefender Cloud (feedback@opswat.com)</author>
        </item>
	    ...
    </channel>
</rss>

Example of csv formatted response (type = csv)

$ curl -XGET -H "Authorization: apikey ${APIKEY}" https://api.metadefender.com/v4/feed/infected?type=csv&page=1
 
md5,sha1,sha256,link,threat_name,file_type_category,file_type_extension,published,total_avs,total_detected_avs
9498FF82A64FF445398C8426ED63EA5B,36F9CA40B3CE96FCEE1CF1D4A7222935536FD25B,8B2E701E91101955C73865589A4C72999AEABC11043F712E05FDB1C17C4AB19A,https://metadefender.opswat.com/results#!/file/bzE5MDIyNkJ5OE9kSUVRTDRTa0R1dVVWWElW/regular?utm_medium=csv&utm_source=www&utm_campaign=threat_feeds,Trojan.Zbot.Win32.21,E,exe,2019-02-26,37,25
CAEF973033E593C625FB2AA34F7026DC,D5DD920BE5BCFEB904E95DA4B6D0CCCA0727D692,DB1AEC5222075800EDA75D7205267569679B424E5C58A28102417F46D3B5790D,https://metadefender.opswat.com/results#!/file/bzE5MDIyNnIxUXhkR0dGRzhOUzFWeGR6R3RNTEU/regular?utm_medium=csv&utm_source=www&utm_campaign=threat_feeds,Gen:Variant.Barys.11503,E,exe,2019-02-26,37,4
...

Example of bro formatted response (type = bro)

$ curl -XGET -H "Authorization: apikey ${APIKEY}" https://api.metadefender.com/v4/feed/infected?type=bro&page=1
 
#fields	indicator	indicator_type	meta.source	meta.desc	meta.url	meta.do_notice	meta.if_in
9498FF82A64FF445398C8426ED63EA5B	Intel::FILE_HASH	MetaDefender	Trojan.Zbot.Win32.21	https://metadefender.opswat.com/results#!/file/bzE5MDIyNkJ5OE9kSUVRTDRTa0R1dVVWWElW/regular?utm_medium=bro&utm_source=www&utm_campaign=threat_feeds	T	Files::IN_HASH
CAEF973033E593C625FB2AA34F7026DC	Intel::FILE_HASH	MetaDefender	Gen:Variant.Barys.11503	https://metadefender.opswat.com/results#!/file/bzE5MDIyNnIxUXhkR0dGRzhOUzFWeGR6R3RNTEU/regular?utm_medium=bro&utm_source=www&utm_campaign=threat_feeds	T	Files::IN_HASH
...

Example of a failed response:

{
    "success": false,
    "error": {
        "code": 404008,
        "messages": [
            "The apikey was not found"
        ]
    }
}

Description of response

md5	The hash of the file
sha1	The hash of the file
sha256	The hash of the file
link	The link to the scan results of the file in the MetaDefender Cloud website
total_avs	The total number of anti-malware engines that scanned this file
total_detected_avs	The total number of anti-malware engines that detected this file as being infected
threat_name	The name of the detected threat
file_type_category	Category for the file type. Please refer to Description of file categories for more information.
file_type_extension	The extension of the file based on file type
published	The date of the feed when this was published

Errors

Please refer to Errors for more information.

Sample code (NodeJS)

var http = require("https");
 
var options = {
  "method": "GET",
  "hostname": [
    "api",
    "metadefender",
    "com"
  ],
  "path": [
    "v4",
    "feed",
    "infected"
  ],
  "headers": {
    "apikey": process.env.APIKEY
  }
};
 
var req = http.request(options, function (res) {
  var chunks = [];
 
  res.on("data", function (chunk) {
    chunks.push(chunk);
  });
 
  res.on("end", function () {
    var body = Buffer.concat(chunks);
    console.log(body.toString());
  });
});
 
req.end();

Sample code (cURL)

curl -X GET \
  'https://api.metadefender.com/v4/feed/infected?page=1' \
  -H "apikey: ${APIKEY}"

Top infected hashes