Request	Value
Method	GET
URL	https://api.metadefender.com/v3/feed/infected

Summary

The feeds list contains the top searched for malware hash signatures, including MD5, SHA1, and SHA256. Free api keys can consume 1,000 entries per day. These top malicious hashes have been spotted on the networks of MetaDefender Cloud users within the last 24 hours. Our feeds are updated daily with newly detected and reported malware to provide actionable and timely threat intelligence to our users.

MetaDefender Cloud Threat Intelligence Feeds can be delivered in 4 different formats: JSO, RSS, CSV and BRO.

If the format type provided is JSON ( /v3/feed/infected?type=json&page=1) , the response is formatted differently than the unformatted response type ( /v3/feed/infected?page=1). See response examples.

The number of entries per page is hardcoded to 1000 entries.

The number of pages that can be consumed by the apikey is dictated by the "limit_feed" field. E.g: if this field is set to a value 10,000, the apikey can consume the first 10 pages of the feed. The apikey can do as many requests as desired to the feed, and the limit is only applied to the maxim depth of the pages. There is no sorting applied to the feed.

Request

Header Parameters

	Description	Allowed Values	Required
Authorization	Give rights to use the endpoint (API Authentication Mechanisms)	apikey	YES
X-Threshold	Filter the results based on how many engines have detected the file as malicious. Default is 1.	Number	NO

Query Parameters

	Description	Required	Default	Possible values
?page	page number	NO	1	A positive integer
?type	response format type	NO	-	json, bro, csv, rss

Response

The response is paginated, 1000 results per page.

HTTP Status Codes

Please refer to Status Codes for more information.

Body

Example of response (unformatted)

$ curl -XGET -H "Authorization: apikey XXX" https://api.metadefender.com/v3/feed/infected?page=1
{
    "success": true,
    "data": {
        "from": "2018-04-18T00:00:00.000Z",
        "to": "2018-04-19T00:00:00.000Z",
        "top_infected": [
            {
                "md5": "DB89D32D5E6E6C49AC6813830972802A",
                "sha1": "A336FD60F3724837D9BE59B3D28C82180372385D",
                "sha256": "11592EB11A421B79D91E6017F527489292612D2F1B8B5302FB70F6791C5CB4BA",
                "data_id": "bzE4MDEyMlMxbmc5NkNFUUh6QmtXRmZrUFZueg",
                "count": 324,
                "file_type_category": "E",
                "file_type_extension": "exe",
				"total_avs": 36,
				"total_detected_avs": 11,
                "rank": 1,
                "scan_results": {
                    "threat_name": "Win.Virus.Hublo-1"
                }
            },
            {
                "md5": "A4BCA22DB759A695DEB06CFDAEFD3FD1",
                "sha1": "FD544BEA7093186C37BB8C0E47A94EFF2D1FFCB9",
                "sha256": "26D46A02CF6B6DC8CBDEAD3393EBC9B646674ECF8BC5FD4ABF773FFE88E61A33",
                "data_id": "bzE3MDIwMUJKU2J4T01Fa19sU3lqbDV6SnZOMmY",
                "count": 324,
                "file_type_category": "E",
                "file_type_extension": "exe",
				"total_avs": 36,
				"total_detected_avs": 19,
                "rank": 2,
                "scan_results": {
                    "threat_name": "Win.Worm.Allaple-311"
                }
            },
       ]
    }
}

Example of json formatted response (type = JSON)

$ curl -XGET -H "Authorization: apikey XXX" https://api.metadefender.com/v3/feed/infected?type=json&page=1
 
[
    {
        "md5": "DB89D32D5E6E6C49AC6813830972802A",
        "sha1": "A336FD60F3724837D9BE59B3D28C82180372385D",
        "sha256": "11592EB11A421B79D91E6017F527489292612D2F1B8B5302FB70F6791C5CB4BA",
        "link": "https://metadefender.local/results#!/file/bzE4MDEyMlMxbmc5NkNFUUh6QmtXRmZrUFZueg/regular?utm_medium=json&utm_source=www&utm_campaign=threat_feeds",
        "threat_name": "Win.Virus.Hublo-1",
        "file_type_category": "E",
        "file_type_extension": "exe",
		"total_avs": 36,	
		"total_detected_avs": 11,
        "published": "2018-04-19"
    },
    {
        "md5": "A4BCA22DB759A695DEB06CFDAEFD3FD1",
        "sha1": "FD544BEA7093186C37BB8C0E47A94EFF2D1FFCB9",
        "sha256": "26D46A02CF6B6DC8CBDEAD3393EBC9B646674ECF8BC5FD4ABF773FFE88E61A33",
        "link": "https://metadefender.local/results#!/file/bzE3MDIwMUJKU2J4T01Fa19sU3lqbDV6SnZOMmY/regular?utm_medium=json&utm_source=www&utm_campaign=threat_feeds",
        "threat_name": "Win.Worm.Allaple-311",
        "file_type_category": "E",
        "file_type_extension": "exe",
		"total_avs": 36,
		"total_detected_avs": 11,
        "published": "2018-04-19"
    },
]
    

Example of rss formatted response (type = rss)

$ curl -XGET -H "Authorization: apikey XXX" https://api.metadefender.com/v3/feed/infected?type=rss&page=1
 
<?xml version="1.0" encoding="ISO-8859-1"?>
<rss version="2.0">
    <channel>
            <link>https://api.metadefender.local:9999/v3/feed/infected?type=rss</link>
            <description>MetaDefender Cloud Top Threat Feed</description>
            <language>en-US</language>
            <copyright>Copyright 2018 OPSWAT, Inc. All rights reserved.</copyright>
            <item>
                <title>Win.Virus.Hublo-1</title>
                <link>https://metadefender.local/results#!/file/bzE4MDEyMlMxbmc5NkNFUUh6QmtXRmZrUFZueg/regular?utm_medium=rss&utm_source=www&utm_campaign=threat_feeds</link>
                <description>MD5: DB89D32D5E6E6C49AC6813830972802A, SHA1: A336FD60F3724837D9BE59B3D28C82180372385D, SHA256: 11592EB11A421B79D91E6017F527489292612D2F1B8B5302FB70F6791C5CB4BA,
                File Type Category: E, File Type Extension: exe, Total Avs: 36, Total Detected Avs: 11
                </description>
                <pubDate>2018-04-19</pubDate>
                <author>MetaDefender Cloud (feedback@opswat.com)</author>
            </item>
            <item>
                <title>Win.Worm.Allaple-311</title>
                <link>https://metadefender.local/results#!/file/bzE3MDIwMUJKU2J4T01Fa19sU3lqbDV6SnZOMmY/regular?utm_medium=rss&utm_source=www&utm_campaign=threat_feeds</link>
                <description>MD5: A4BCA22DB759A695DEB06CFDAEFD3FD1, SHA1: FD544BEA7093186C37BB8C0E47A94EFF2D1FFCB9, SHA256: 26D46A02CF6B6DC8CBDEAD3393EBC9B646674ECF8BC5FD4ABF773FFE88E61A33,
                File Type Category: E, File Type Extension: exe,Total Avs: 36, Total Detected Avs: 19
                </description>
                <pubDate>2018-04-19</pubDate>
                <author>MetaDefender Cloud (feedback@opswat.com)</author>
            </item>
    </channel>
</rss>

Example of csv formatted response (type = csv)

$ curl -XGET -H "Authorization: apikey ${APIKEY}" https://api.metadefender.com/v3/feed/infected?type=csv&page=1
 
md5,sha1,sha256,link,threat_name,file_type_category,file_type_extension,published,total_avs,total_detected_avs
DB89D32D5E6E6C49AC6813830972802A,A336FD60F3724837D9BE59B3D28C82180372385D,11592EB11A421B79D91E6017F527489292612D2F1B8B5302FB70F6791C5CB4BA,https://metadefender.local/results#!/file/bzE4MDEyMlMxbmc5NkNFUUh6QmtXRmZrUFZueg/regular?utm_medium=csv&utm_source=www&utm_campaign=threat_feeds,Win.Virus.Hublo-1,E,exe,2018-04-19,36,11
A4BCA22DB759A695DEB06CFDAEFD3FD1,FD544BEA7093186C37BB8C0E47A94EFF2D1FFCB9,26D46A02CF6B6DC8CBDEAD3393EBC9B646674ECF8BC5FD4ABF773FFE88E61A33,https://metadefender.local/results#!/file/bzE3MDIwMUJKU2J4T01Fa19sU3lqbDV6SnZOMmY/regular?utm_medium=csv&utm_source=www&utm_campaign=threat_feeds,Win.Worm.Allaple-311,E,exe,2018-04-19,36,19

Example of bro formatted response

$ curl -XGET -H "Authorization: apikey ${APIKEY}" https://api.metadefender.com/v3/feed/infected?type=bro&page=1
 
#fields	indicator	indicator_type	meta.source	meta.desc	meta.url	meta.do_notice	meta.if_in
DB89D32D5E6E6C49AC6813830972802A	Intel::FILE_HASH	MetaDefender	Win.Virus.Hublo-1	https://metadefender.local/results#!/file/bzE4MDEyMlMxbmc5NkNFUUh6QmtXRmZrUFZueg/regular?utm_medium=bro&utm_source=www&utm_campaign=threat_feeds	T	Files::IN_HASH
A4BCA22DB759A695DEB06CFDAEFD3FD1	Intel::FILE_HASH	MetaDefender	Win.Worm.Allaple-311	https://metadefender.local/results#!/file/bzE3MDIwMUJKU2J4T01Fa19sU3lqbDV6SnZOMmY/regular?utm_medium=bro&utm_source=www&utm_campaign=threat_feeds	T	Files::IN_HASH

Description of response

md5	The hash of the file
sha1	The hash of the file
sha256	The hash of the file
link	The link to the scan results of the file in the MetaDefender Cloud website
total_avs	The total number of anti malware engines that scanned this file
total_detected_avs	The total number of anti malware engines that detected this file as being infected
threat_name	The name of the detected threat
file_type_category	Category for file type. Please refer to Description of file categories for more information.
file_type_extension	The extension of the file based on file type
published	The date of the feed when this was published

Errors

Please refer to Errors for more information.

Sample code (NodeJS)

var http = require("https");
 
var options = {
  "method": "GET",
  "hostname": "api.metadefender.com",
  "path": "/v3/feed/infected",
  "headers": {
	"Authorization": "apikey " + process.env.APIKEY
  }
};
 
var req = http.request(options, function (res) {
  var chunks = [];
    res.on("data", function (chunk) {
	chunks.push(chunk);
  });
  res.on("end", function () {
	var body = Buffer.concat(chunks);
	console.log(body.toString());
  });
});
 
req.end();

Sample code (cURL)

curl -X GET \
  'https://api.metadefender.com/v3/feed/infected?page=1' \
  -H 'Authorization: apikey ${APIKEY}' 

Top infected hashes