Top infected hashes

| Request | Value |
| --- | --- |
| Method | GET |
| URL | https://api.metadefender.com/v4/feed/infected |

Summary

The feeds list contains the top searched-for malware hash signatures, including MD5, SHA1, and SHA256. Free API keys can consume 1,000 entries per day. These top malicious hashes have been spotted on the networks of MetaDefender Cloud users within the last 24 hours. Our feeds are updated daily with newly detected and reported malware to provide actionable and timely threat intelligence to our users.

MetaDefender Cloud Threat Intelligence Feeds can be delivered in 4 different formats: JSON, RSS, CSV, and BRO.

If the format type provided is JSON (/v3/feed/infected?type=json&page=1), the response is formatted differently than the unformatted response type (/v3/feed/infected?page=1). See response examples.

The number of entries per page is hardcoded to 1000 entries.

The number of pages that can be consumed by the apikey is dictated by the "limit_feed" field. For example, if this field is set to 10,000, the apikey can consume the first 10 pages of the feed. The apikey can make as many requests to the feed as desired; the limit applies only to the maximum page depth. There is no sorting applied to the feed.

Request

Header Parameters

| | Description | Allowed Values | Required |
| --- | --- | --- | --- |
| apikey | Gives rights to use the endpoint (API Authentication Mechanisms) | apikey | YES |

Query Parameters

| | Description | Required | Default | Possible values |
| --- | --- | --- | --- | --- |
| ?page | page number | NO | 1 | A positive integer |
| ?type | response format type | NO | - | json, bro, csv, rss |

Response

The response is paginated, 1000 results per page.

HTTP Status Codes

Please refer to Status Codes for more information.

Body

Example of a successful response (unformatted)

{
"from": "2019-02-25T00:00:00.000Z",
"to": "2019-02-26T00:00:00.000Z",
"top_infected": [
{
"md5": "9498FF82A64FF445398C8426ED63EA5B",
"sha1": "36F9CA40B3CE96FCEE1CF1D4A7222935536FD25B",
"sha256": "8B2E701E91101955C73865589A4C72999AEABC11043F712E05FDB1C17C4AB19A",
"data_id": "bzE5MDIyNkJ5OE9kSUVRTDRTa0R1dVVWWElW",
"total_avs": 37,
"total_detected_avs": 25,
"file_type_category": "E",
"file_type_extension": "exe",
"rank": 1,
"scan_results": {
"threat_name": "Trojan.Zbot.Win32.21"
}
},
{
"md5": "CAEF973033E593C625FB2AA34F7026DC",
"sha1": "D5DD920BE5BCFEB904E95DA4B6D0CCCA0727D692",
"sha256": "DB1AEC5222075800EDA75D7205267569679B424E5C58A28102417F46D3B5790D",
"data_id": "bzE5MDIyNnIxUXhkR0dGRzhOUzFWeGR6R3RNTEU",
"total_avs": 37,
"total_detected_avs": 4,
"file_type_category": "E",
"file_type_extension": "exe",
"rank": 2,
"scan_results": {
"threat_name": "Gen:Variant.Barys.11503"
}
},
...
]
}

Example of json formatted response (type = JSON)

$ curl -XGET -H "Authorization: apikey XXX" 'https://api.metadefender.com/v4/feed/infected?type=json&page=1'
[
{
"md5": "9498FF82A64FF445398C8426ED63EA5B",
"sha1": "36F9CA40B3CE96FCEE1CF1D4A7222935536FD25B",
"sha256": "8B2E701E91101955C73865589A4C72999AEABC11043F712E05FDB1C17C4AB19A",
"link": "https://metadefender.opswat.com/results#!/file/bzE5MDIyNkJ5OE9kSUVRTDRTa0R1dVVWWElW/regular?utm_medium=json&utm_source=www&utm_campaign=threat_feeds",
"total_avs": 37,
"total_detected_avs": 25,
"threat_name": "Trojan.Zbot.Win32.21",
"file_type_category": "E",
"file_type_extension": "exe",
"published": "2019-02-26"
},
{
"md5": "CAEF973033E593C625FB2AA34F7026DC",
"sha1": "D5DD920BE5BCFEB904E95DA4B6D0CCCA0727D692",
"sha256": "DB1AEC5222075800EDA75D7205267569679B424E5C58A28102417F46D3B5790D",
"link": "https://metadefender.opswat.com/results#!/file/bzE5MDIyNnIxUXhkR0dGRzhOUzFWeGR6R3RNTEU/regular?utm_medium=json&utm_source=www&utm_campaign=threat_feeds",
"total_avs": 37,
"total_detected_avs": 4,
"threat_name": "Gen:Variant.Barys.11503",
"file_type_category": "E",
"file_type_extension": "exe",
"published": "2019-02-26"
},
...
]

Example of rss formatted response (type = rss)

$ curl -XGET -H "Authorization: apikey XXX" 'https://api.metadefender.com/v4/feed/infected?type=rss&page=1'
<?xml version='1.0' encoding='ISO-8859-1'?>
<rss version='2.0'>
<channel>
<link>https://api.metadefender.com/v3/feed/infected?type=rss</link>
<description>MetaDefender Cloud Top Threat Feed</description>
<language>en-US</language>
<copyright>Copyright 2019 OPSWAT, Inc. All rights reserved.</copyright>
<item>
<title>Trojan.Zbot.Win32.21</title>
<link>https://metadefender.opswat.com/results#!/file/bzE5MDIyNkJ5OE9kSUVRTDRTa0R1dVVWWElW/regular?utm_medium=rss&utm_source=www&utm_campaign=threat_feeds</link>
<description>MD5: 9498FF82A64FF445398C8426ED63EA5B, SHA1: 36F9CA40B3CE96FCEE1CF1D4A7222935536FD25B, SHA256: 8B2E701E91101955C73865589A4C72999AEABC11043F712E05FDB1C17C4AB19A,
File Type Category: E, File Type Extension: exe,
Total Avs: 37, Total Detected Avs: 25</description>
<pubDate>2019-02-26</pubDate>
<author>MetaDefender Cloud (feedback@opswat.com)</author>
</item>
<item>
<title>Gen:Variant.Barys.11503</title>
<link>https://metadefender.opswat.com/results#!/file/bzE5MDIyNnIxUXhkR0dGRzhOUzFWeGR6R3RNTEU/regular?utm_medium=rss&utm_source=www&utm_campaign=threat_feeds</link>
<description>MD5: CAEF973033E593C625FB2AA34F7026DC, SHA1: D5DD920BE5BCFEB904E95DA4B6D0CCCA0727D692, SHA256: DB1AEC5222075800EDA75D7205267569679B424E5C58A28102417F46D3B5790D,
File Type Category: E, File Type Extension: exe,
Total Avs: 37, Total Detected Avs: 4</description>
<pubDate>2019-02-26</pubDate>
<author>MetaDefender Cloud (feedback@opswat.com)</author>
</item>
...
</channel>
</rss>

Example of csv formatted response (type = csv)

$ curl -XGET -H "Authorization: apikey ${APIKEY}" 'https://api.metadefender.com/v4/feed/infected?type=csv&page=1'
md5,sha1,sha256,link,threat_name,file_type_category,file_type_extension,published,total_avs,total_detected_avs
9498FF82A64FF445398C8426ED63EA5B,36F9CA40B3CE96FCEE1CF1D4A7222935536FD25B,8B2E701E91101955C73865589A4C72999AEABC11043F712E05FDB1C17C4AB19A,https://metadefender.opswat.com/results#!/file/bzE5MDIyNkJ5OE9kSUVRTDRTa0R1dVVWWElW/regular?utm_medium=csv&utm_source=www&utm_campaign=threat_feeds,Trojan.Zbot.Win32.21,E,exe,2019-02-26,37,25
CAEF973033E593C625FB2AA34F7026DC,D5DD920BE5BCFEB904E95DA4B6D0CCCA0727D692,DB1AEC5222075800EDA75D7205267569679B424E5C58A28102417F46D3B5790D,https://metadefender.opswat.com/results#!/file/bzE5MDIyNnIxUXhkR0dGRzhOUzFWeGR6R3RNTEU/regular?utm_medium=csv&utm_source=www&utm_campaign=threat_feeds,Gen:Variant.Barys.11503,E,exe,2019-02-26,37,4
...

Example of bro formatted response (type = bro)

$ curl -XGET -H "Authorization: apikey ${APIKEY}" 'https://api.metadefender.com/v4/feed/infected?type=bro&page=1'
#fields indicator indicator_type meta.source meta.desc meta.url meta.do_notice meta.if_in
9498FF82A64FF445398C8426ED63EA5B Intel::FILE_HASH MetaDefender Trojan.Zbot.Win32.21 https://metadefender.opswat.com/results#!/file/bzE5MDIyNkJ5OE9kSUVRTDRTa0R1dVVWWElW/regular?utm_medium=bro&utm_source=www&utm_campaign=threat_feeds T Files::IN_HASH
CAEF973033E593C625FB2AA34F7026DC Intel::FILE_HASH MetaDefender Gen:Variant.Barys.11503 https://metadefender.opswat.com/results#!/file/bzE5MDIyNnIxUXhkR0dGRzhOUzFWeGR6R3RNTEU/regular?utm_medium=bro&utm_source=www&utm_campaign=threat_feeds T Files::IN_HASH
...

Example of a failed response:

{
"success": false,
"error": {
"code": 404008,
"messages": [
"The apikey was not found"
]
}
}

Description of response

| Field | Description |
| --- | --- |
| md5 | The hash of the file |
| sha1 | The hash of the file |
| sha256 | The hash of the file |
| link | The link to the scan results of the file in the MetaDefender Cloud website |
| total_avs | The total number of anti-malware engines that scanned this file |
| total_detected_avs | The total number of anti-malware engines that detected this file as being infected |
| threat_name | The name of the detected threat |
| file_type_category | Category for the file type. Please refer to Description of file categories for more information. |
| file_type_extension | The extension of the file based on file type |
| published | The date of the feed when this was published |
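An added example, not part of the original documentation or the vendor's code: the unformatted and type=json bodies carry the same entries in different shapes, so a consumer can normalise both, surface the error body, and index entries by SHA-256 for lookups. The function names, the `minRatio` threshold and the sample bodies (constructed from the two entries in the response examples) are assumptions of this sketch.

```javascript
const PAGE_SIZE = 1000; // entries per page, as stated on this page
// Deepest page a key can read for a given "limit_feed" value.
function maxPages(limitFeed) {
  return Math.floor(limitFeed / PAGE_SIZE);
}

// Feed hashes are upper-case hex; lower-case them to match common hashing tools.
const hex = (v) => (typeof v === "string" ? v.toLowerCase() : null);

// Accepts a parsed body: unformatted object, type=json array, or error object.
function normalizeFeed(body) {
  if (body && body.success === false) {
    const { code, messages = [] } = body.error || {};
    throw new Error(`feed error ${code}: ${messages.join("; ")}`);
  }
  const entries = Array.isArray(body) ? body : body && body.top_infected;
  if (!Array.isArray(entries)) throw new Error("unrecognised feed body");
  return entries.map((e) => ({
    md5: hex(e.md5),
    sha1: hex(e.sha1),
    sha256: hex(e.sha256),
    // threat_name is nested under scan_results in the unformatted shape
    threatName: e.threat_name || (e.scan_results || {}).threat_name || null,
    detected: e.total_detected_avs,
    engines: e.total_avs,
  }));
}

// Index by SHA-256; minRatio is a local policy value (assumption), not an API parameter.
function buildIndex(records, minRatio) {
  const index = new Map();
  for (const r of records) {
    if (r.engines > 0 && r.detected / r.engines >= minRatio) index.set(r.sha256, r);
  }
  return index;
}

// Sample bodies constructed from the two entries in the page's response examples.
const ENTRY_A = { md5: "9498FF82A64FF445398C8426ED63EA5B", sha1: "36F9CA40B3CE96FCEE1CF1D4A7222935536FD25B",
  sha256: "8B2E701E91101955C73865589A4C72999AEABC11043F712E05FDB1C17C4AB19A", total_avs: 37, total_detected_avs: 25 };
const ENTRY_B = { md5: "CAEF973033E593C625FB2AA34F7026DC", sha1: "D5DD920BE5BCFEB904E95DA4B6D0CCCA0727D692",
  sha256: "DB1AEC5222075800EDA75D7205267569679B424E5C58A28102417F46D3B5790D", total_avs: 37, total_detected_avs: 4 };
const unformattedBody = { top_infected: [
  { ...ENTRY_A, scan_results: { threat_name: "Trojan.Zbot.Win32.21" } },
  { ...ENTRY_B, scan_results: { threat_name: "Gen:Variant.Barys.11503" } }] };
const jsonBody = [{ ...ENTRY_A, threat_name: "Trojan.Zbot.Win32.21" },
  { ...ENTRY_B, threat_name: "Gen:Variant.Barys.11503" }];
const errorBody = { success: false, error: { code: 404008, messages: ["The apikey was not found"] } };
```

With a `minRatio` of 0.5, only the first sample entry (25 of 37 engines) is indexed; the second (4 of 37) is left for manual review rather than automatic blocking.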

Errors

Please refer to Errors for more information.

Sample code (NodeJS)

var https = require("https");

// hostname and path must be plain strings for https.request
var options = {
  "method": "GET",
  "hostname": "api.metadefender.com",
  "path": "/v4/feed/infected",
  "headers": {
    // API key is read from the environment, not hardcoded
    "apikey": process.env.APIKEY
  }
};

var req = https.request(options, function (res) {
  var chunks = [];

  // Collect the response body as it arrives
  res.on("data", function (chunk) {
    chunks.push(chunk);
  });

  // Print the complete body once the response has ended
  res.on("end", function () {
    var body = Buffer.concat(chunks);
    console.log(body.toString());
  });
});

req.end();

Sample code (cURL)

curl -X GET \
'https://api.metadefender.com/v4/feed/infected?page=1' \
-H "apikey: ${APIKEY}"