Top infected hashes

Request | Value
Method | GET
URL | https://api.metadefender.com/v3/feed/infected

Summary

The feed lists the most-searched-for malware hash signatures, including MD5, SHA1, and SHA256. Free API keys can consume 1,000 entries per day. These top malicious hashes have been spotted on the networks of MetaDefender Cloud users within the last 24 hours. Our feeds are updated daily with newly detected and reported malware to provide actionable and timely threat intelligence to our users.

MetaDefender Cloud Threat Intelligence Feeds can be delivered in 4 different formats: JSON, RSS, CSV and BRO.

If the format type provided is JSON (/v3/feed/infected?type=json&page=1), the response is formatted differently than the unformatted response type (/v3/feed/infected?page=1). See the response examples.

The number of entries per page is hardcoded to 1000.

The number of pages that an apikey can consume is dictated by the "limit_feed" field. For example, if this field is set to 10,000, the apikey can consume the first 10 pages of the feed. The apikey can make as many requests to the feed as desired; the limit applies only to the maximum page depth. There is no sorting applied to the feed.

Request

Header Parameters

Header | Description | Allowed Values | Required
Authorization | Give rights to use the endpoint (API Authentication Mechanisms) | apikey | YES
X-Threshold | Filter the results based on how many engines have detected the file as malicious. Default is 1. | Number | NO

Query Parameters

Parameter | Description | Required | Default | Possible values
?page | page number | NO | 1 | A positive integer
?type | response format type | NO | - | json, bro, csv, rss

Response

The response is paginated, 1000 results per page.

HTTP Status Codes

Please refer to Status Codes for more information.

Body

Example of response (unformatted)

$ curl -XGET -H "Authorization: apikey XXX" "https://api.metadefender.com/v3/feed/infected?page=1"
{
  "success": true,
  "data": {
    "from": "2018-04-18T00:00:00.000Z",
    "to": "2018-04-19T00:00:00.000Z",
    "top_infected": [
      {
        "md5": "DB89D32D5E6E6C49AC6813830972802A",
        "sha1": "A336FD60F3724837D9BE59B3D28C82180372385D",
        "sha256": "11592EB11A421B79D91E6017F527489292612D2F1B8B5302FB70F6791C5CB4BA",
        "data_id": "bzE4MDEyMlMxbmc5NkNFUUh6QmtXRmZrUFZueg",
        "count": 324,
        "file_type_category": "E",
        "file_type_extension": "exe",
        "total_avs": 36,
        "total_detected_avs": 11,
        "rank": 1,
        "scan_results": {
          "threat_name": "Win.Virus.Hublo-1"
        }
      },
      {
        "md5": "A4BCA22DB759A695DEB06CFDAEFD3FD1",
        "sha1": "FD544BEA7093186C37BB8C0E47A94EFF2D1FFCB9",
        "sha256": "26D46A02CF6B6DC8CBDEAD3393EBC9B646674ECF8BC5FD4ABF773FFE88E61A33",
        "data_id": "bzE3MDIwMUJKU2J4T01Fa19sU3lqbDV6SnZOMmY",
        "count": 324,
        "file_type_category": "E",
        "file_type_extension": "exe",
        "total_avs": 36,
        "total_detected_avs": 19,
        "rank": 2,
        "scan_results": {
          "threat_name": "Win.Worm.Allaple-311"
        }
      }
    ]
  }
}

Example of json formatted response (type = JSON)

$ curl -XGET -H "Authorization: apikey XXX" "https://api.metadefender.com/v3/feed/infected?type=json&page=1"
[
  {
    "md5": "DB89D32D5E6E6C49AC6813830972802A",
    "sha1": "A336FD60F3724837D9BE59B3D28C82180372385D",
    "sha256": "11592EB11A421B79D91E6017F527489292612D2F1B8B5302FB70F6791C5CB4BA",
    "link": "https://metadefender.local/results#!/file/bzE4MDEyMlMxbmc5NkNFUUh6QmtXRmZrUFZueg/regular?utm_medium=json&utm_source=www&utm_campaign=threat_feeds",
    "threat_name": "Win.Virus.Hublo-1",
    "file_type_category": "E",
    "file_type_extension": "exe",
    "total_avs": 36,
    "total_detected_avs": 11,
    "published": "2018-04-19"
  },
  {
    "md5": "A4BCA22DB759A695DEB06CFDAEFD3FD1",
    "sha1": "FD544BEA7093186C37BB8C0E47A94EFF2D1FFCB9",
    "sha256": "26D46A02CF6B6DC8CBDEAD3393EBC9B646674ECF8BC5FD4ABF773FFE88E61A33",
    "link": "https://metadefender.local/results#!/file/bzE3MDIwMUJKU2J4T01Fa19sU3lqbDV6SnZOMmY/regular?utm_medium=json&utm_source=www&utm_campaign=threat_feeds",
    "threat_name": "Win.Worm.Allaple-311",
    "file_type_category": "E",
    "file_type_extension": "exe",
    "total_avs": 36,
    "total_detected_avs": 11,
    "published": "2018-04-19"
  }
]

Example of rss formatted response (type = rss)

$ curl -XGET -H "Authorization: apikey XXX" "https://api.metadefender.com/v3/feed/infected?type=rss&page=1"
<?xml version="1.0" encoding="ISO-8859-1"?>
<rss version="2.0">
  <channel>
    <link>https://api.metadefender.local:9999/v3/feed/infected?type=rss</link>
    <description>MetaDefender Cloud Top Threat Feed</description>
    <language>en-US</language>
    <copyright>Copyright 2018 OPSWAT, Inc. All rights reserved.</copyright>
    <item>
      <title>Win.Virus.Hublo-1</title>
      <link>https://metadefender.local/results#!/file/bzE4MDEyMlMxbmc5NkNFUUh6QmtXRmZrUFZueg/regular?utm_medium=rss&utm_source=www&utm_campaign=threat_feeds</link>
      <description>MD5: DB89D32D5E6E6C49AC6813830972802A, SHA1: A336FD60F3724837D9BE59B3D28C82180372385D, SHA256: 11592EB11A421B79D91E6017F527489292612D2F1B8B5302FB70F6791C5CB4BA,
      File Type Category: E, File Type Extension: exe, Total Avs: 36, Total Detected Avs: 11
      </description>
      <pubDate>2018-04-19</pubDate>
      <author>MetaDefender Cloud (feedback@opswat.com)</author>
    </item>
    <item>
      <title>Win.Worm.Allaple-311</title>
      <link>https://metadefender.local/results#!/file/bzE3MDIwMUJKU2J4T01Fa19sU3lqbDV6SnZOMmY/regular?utm_medium=rss&utm_source=www&utm_campaign=threat_feeds</link>
      <description>MD5: A4BCA22DB759A695DEB06CFDAEFD3FD1, SHA1: FD544BEA7093186C37BB8C0E47A94EFF2D1FFCB9, SHA256: 26D46A02CF6B6DC8CBDEAD3393EBC9B646674ECF8BC5FD4ABF773FFE88E61A33,
      File Type Category: E, File Type Extension: exe,Total Avs: 36, Total Detected Avs: 19
      </description>
      <pubDate>2018-04-19</pubDate>
      <author>MetaDefender Cloud (feedback@opswat.com)</author>
    </item>
  </channel>
</rss>

Example of csv formatted response (type = csv)

$ curl -XGET -H "Authorization: apikey ${APIKEY}" "https://api.metadefender.com/v3/feed/infected?type=csv&page=1"
md5,sha1,sha256,link,threat_name,file_type_category,file_type_extension,published,total_avs,total_detected_avs
DB89D32D5E6E6C49AC6813830972802A,A336FD60F3724837D9BE59B3D28C82180372385D,11592EB11A421B79D91E6017F527489292612D2F1B8B5302FB70F6791C5CB4BA,https://metadefender.local/results#!/file/bzE4MDEyMlMxbmc5NkNFUUh6QmtXRmZrUFZueg/regular?utm_medium=csv&utm_source=www&utm_campaign=threat_feeds,Win.Virus.Hublo-1,E,exe,2018-04-19,36,11
A4BCA22DB759A695DEB06CFDAEFD3FD1,FD544BEA7093186C37BB8C0E47A94EFF2D1FFCB9,26D46A02CF6B6DC8CBDEAD3393EBC9B646674ECF8BC5FD4ABF773FFE88E61A33,https://metadefender.local/results#!/file/bzE3MDIwMUJKU2J4T01Fa19sU3lqbDV6SnZOMmY/regular?utm_medium=csv&utm_source=www&utm_campaign=threat_feeds,Win.Worm.Allaple-311,E,exe,2018-04-19,36,19

Example of bro formatted response

$ curl -XGET -H "Authorization: apikey ${APIKEY}" "https://api.metadefender.com/v3/feed/infected?type=bro&page=1"
#fields indicator indicator_type meta.source meta.desc meta.url meta.do_notice meta.if_in
DB89D32D5E6E6C49AC6813830972802A Intel::FILE_HASH MetaDefender Win.Virus.Hublo-1 https://metadefender.local/results#!/file/bzE4MDEyMlMxbmc5NkNFUUh6QmtXRmZrUFZueg/regular?utm_medium=bro&utm_source=www&utm_campaign=threat_feeds T Files::IN_HASH
A4BCA22DB759A695DEB06CFDAEFD3FD1 Intel::FILE_HASH MetaDefender Win.Worm.Allaple-311 https://metadefender.local/results#!/file/bzE3MDIwMUJKU2J4T01Fa19sU3lqbDV6SnZOMmY/regular?utm_medium=bro&utm_source=www&utm_campaign=threat_feeds T Files::IN_HASH

Description of response

md5 | The MD5 hash of the file
sha1 | The SHA1 hash of the file
sha256 | The SHA256 hash of the file
link | The link to the scan results of the file on the MetaDefender Cloud website
total_avs | The total number of anti-malware engines that scanned this file
total_detected_avs | The total number of anti-malware engines that detected this file as being infected
threat_name | The name of the detected threat
file_type_category | Category for file type. Please refer to Description of file categories for more information.
file_type_extension | The extension of the file based on file type
published | The date on which this entry was published in the feed

Errors

Please refer to Errors for more information.

Sample code (NodeJS)

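const https = require("https");

// The API key is read from the APIKEY environment variable rather than hardcoded.
const options = {
  method: "GET",
  hostname: "api.metadefender.com",
  path: "/v3/feed/infected",
  headers: {
    Authorization: "apikey " + process.env.APIKEY
  }
};

const req = https.request(options, function (res) {
  const chunks = [];
  // Collect the response body as it arrives.
  res.on("data", function (chunk) {
    chunks.push(chunk);
  });
  res.on("end", function () {
    const body = Buffer.concat(chunks);
    console.log(body.toString());
  });
});

// Report network and TLS failures instead of crashing on an unhandled "error" event.
req.on("error", function (err) {
  console.error(err.message);
});

req.end();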
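
Building on the paging rules and the type=json response fields described above, the following is an added example (not OPSWAT sample code) that checks feed entries before they are loaded into a hash blocklist: it validates hash lengths and engine counts, applies a client-side detection threshold, and deduplicates on SHA256. The names maxPage, rejectReason, buildBlocklist and SAMPLE are hypothetical, and reading the threshold as a minimum number of detecting engines is an assumption.

```javascript
// Added example, not OPSWAT code; all function names here are illustrative.
const PAGE_SIZE = 1000; // entries per page, per the documentation above
const HASH_HEX_LEN = { md5: 32, sha1: 40, sha256: 64 };

// Deepest page an apikey may request for a given "limit_feed" value.
function maxPage(limitFeed) {
  return Math.floor(limitFeed / PAGE_SIZE);
}

// Returns null when the entry is usable, otherwise the reason it is not.
function rejectReason(e, minDetections) {
  if (e === null || typeof e !== "object") return "not an object";
  for (const [field, len] of Object.entries(HASH_HEX_LEN)) {
    const v = e[field];
    if (typeof v !== "string" || v.length !== len || !/^[0-9a-fA-F]+$/.test(v)) return "bad " + field;
  }
  const total = e.total_avs, hits = e.total_detected_avs;
  if (!Number.isInteger(total) || !Number.isInteger(hits) || hits < 0 || hits > total) return "bad engine counts";
  // Assumption: like X-Threshold, a minimum number of detecting engines.
  return hits < minDetections ? "below threshold" : null;
}

// Deduplicates on lower-cased SHA256; rejects are kept for review, not dropped silently.
function buildBlocklist(entries, minDetections = 1) {
  const accepted = new Map();
  const rejected = [];
  for (const e of entries) {
    const reason = rejectReason(e, minDetections);
    if (reason) { rejected.push({ reason, entry: e }); continue; }
    const key = e.sha256.toLowerCase();
    if (!accepted.has(key)) accepted.set(key, { threat: String(e.threat_name || ""), hits: e.total_detected_avs });
  }
  return { accepted, rejected };
}

// HUBLO and ALLAPLE use values from the CSV example on this page; the other entries are constructed.
const HUBLO = { md5: "DB89D32D5E6E6C49AC6813830972802A", sha1: "A336FD60F3724837D9BE59B3D28C82180372385D",
  sha256: "11592EB11A421B79D91E6017F527489292612D2F1B8B5302FB70F6791C5CB4BA",
  threat_name: "Win.Virus.Hublo-1", total_avs: 36, total_detected_avs: 11 };
const ALLAPLE = { md5: "A4BCA22DB759A695DEB06CFDAEFD3FD1", sha1: "FD544BEA7093186C37BB8C0E47A94EFF2D1FFCB9",
  sha256: "26D46A02CF6B6DC8CBDEAD3393EBC9B646674ECF8BC5FD4ABF773FFE88E61A33",
  threat_name: "Win.Worm.Allaple-311", total_avs: 36, total_detected_avs: 19 };
const SAMPLE = [HUBLO, ALLAPLE,
  { ...HUBLO, sha256: HUBLO.sha256.toLowerCase() }, // duplicate, different case
  { ...HUBLO, md5: "DB89D32D" },                    // truncated hash
  { ...ALLAPLE, total_detected_avs: 40 }];          // more detections than engines
const { accepted, rejected } = buildBlocklist(SAMPLE, 15);
console.log(maxPage(10000), [...accepted.keys()], rejected.map((r) => r.reason));
```
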

Sample code (cURL)

curl -X GET \
  "https://api.metadefender.com/v3/feed/infected?page=1" \
  -H "Authorization: apikey ${APIKEY}"