[ POST ] https://api.malcore.io/api/feed
Access the Malcore threat feed
Query Params
Mandatory params
feed_type: hash|ioc|threat|ip
Acceptable parameters
hash_type: string, sha256|md5|ssdeep|crc32|imphash|sha1|sha512
time_filter: integer[filter], where the filter suffix is d|m|s (days, minutes, seconds)
Request
Gather all SHA256 hashes from the last 7 days
curl -XPOST https://api.malcore.io/api/feed \
-H "apiKey: MY-API-KEY" \
--data "feed_type=hash&hash_type=sha256&time_filter=7d"
Gather all IOCs from the last 4 minutes with a score of 50 or more
curl -XPOST https://api.malcore.io/api/feed \
-H "apiKey: MY-API-KEY" \
--data "feed_type=ioc&time_filter=4m&score_filter=50"
Gather all threats with a score of 60 or more from the last 5 seconds and return crc32 hashes
curl -XPOST https://api.malcore.io/api/feed \
-H "apiKey: MY-API-KEY" \
--data "feed_type=threat&score_filter=60&hash_type=crc32&time_filter=5s"
Gather active threat actor IP addresses
curl -XPOST https://api.malcore.io/api/feed \
-H "apiKey: MY-API-KEY" \
--data "feed_type=ip"
Response
From feed_type=hash
🟢 200
[{
"hash": "xxxxxxxxxxxxxxx317daa8d09ddc0b1a9ade2114bbdc4885e67d9a66561ba4b0",
"upload_timestamp": "1699928907"
},
{
"hash": "xxxxxxxxxxxxxxx3c2a12185a7cbd460f2b14a52eacae7c5ffce9d61bcc02aff",
"upload_timestamp": "1699928908"
},
{
"hash": "xxxxxxxxxxxxxxx3de4a18999f7a420260b3a4665ba2b5b32aa39433ef79819df",
"upload_timestamp": "1699928908"
},
{
"hash": "xxxxxxxxxxxxxxx3698cbfc6cbb229c230d9fbb7be8f9dbb92d2e39bb47b8e5b",
"upload_timestamp": "1699928908"
},
{
"hash": "xxxxxxxxxxxxxxx39de08a0bcfa720864e276ed0bc93ce25df04dc5eec56d3ff",
"upload_timestamp": "1699928908"
},
...
]
From feed_type=ioc
🟢 200
[{
"xxxxxxxxxxxxxxxc07e3a0d04cfd63a77ce07a00d12f10a9bfd378e1a010802c1": {
"file_behavior": {
...
},
"file_exif_data": {
"code_signature": "...",
"compilation_timestamp": "...",
"file_information": {
...
"header_information": {
...
}
},
"mime_type": "application/x-msdownload",
"misc_information": {
...
},
"signature_info": {
...
}
},
"file_sizes": {
...
},
"hashes": {
...
},
"interesting_strings": [
...
],
"yara_rule": ...
},
"upload_timestamp": "1698279499"
}]
From feed_type=threat
🟢 200
[
{
"hash": "0xxxxxxxxx",
"score": 70,
"upload_timestamp": "1707840757"
}
]
From feed_type=ip
🟢 200
{
"information": {
"source": "honeypot",
"fetched": "2024-06-01 16:56:18",
"criteria": "active"
},
"list": [
"49.51.231.123",
"124.220.94.194",
"114.244.15.162",
"173.163.154.189",
"36.48.107.144",
"118.182.18.132",
"81.24.135.210",
"103.252.168.208",
"102.216.34.48",
"117.84.125.204",
"172.233.19.159",
"46.105.255.213",
"51.79.248.61",
"103.144.156.11",
"113.212.70.63",
"45.33.43.170",
"43.153.110.76",
"118.33.118.122",
...
]
}
🔴 404
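An added example, not part of the Malcore documentation: Python code that checks request parameters against the values listed on this page before they are placed in the `--data` body, and vets a `feed_type=ip` response before its addresses are pushed to a blocklist. The function names, the `never_block` parameter, the integer treatment of `score_filter` and the sample response are assumptions made for illustration.

```python
import ipaddress
import re

# Values listed on this page for POST /api/feed.
FEED_TYPES = {"hash", "ioc", "threat", "ip"}
HASH_TYPES = {"sha256", "md5", "ssdeep", "crc32", "imphash", "sha1", "sha512"}
TIME_FILTER = re.compile(r"[0-9]+[dms]")  # integer plus unit: 7d, 4m, 5s

# Constructed sample shaped like the feed_type=ip response (not real feed data).
SAMPLE = {"information": {"source": "honeypot", "criteria": "active"},
          "list": ["49.51.231.123", "10.0.0.5", "8.8.8.8", "not-an-ip"]}


def build_feed_params(feed_type, hash_type=None, time_filter=None, score_filter=None):
    """Form fields for a feed request; undocumented values raise ValueError."""
    if feed_type not in FEED_TYPES:
        raise ValueError(f"unsupported feed_type: {feed_type!r}")
    params = {"feed_type": feed_type}
    if hash_type is not None:
        if hash_type not in HASH_TYPES:
            raise ValueError(f"unsupported hash_type: {hash_type!r}")
        params["hash_type"] = hash_type
    if time_filter is not None:
        if not TIME_FILTER.fullmatch(time_filter):
            raise ValueError(f"bad time_filter: {time_filter!r}")
        params["time_filter"] = time_filter
    if score_filter is not None:
        # Assumption: score_filter is an integer, as in the curl examples.
        params["score_filter"] = str(int(score_filter))
    return params


def vet_ip_feed(response, never_block=()):
    """Split the "list" field into (accepted, rejected-with-reason)."""
    protected = [ipaddress.ip_network(n) for n in never_block]
    accepted, rejected = [], []
    for raw in response.get("list", []):
        try:
            addr = ipaddress.ip_address(raw.strip())
        except (AttributeError, ValueError):
            rejected.append((raw, "not an IP address"))
            continue
        if not addr.is_global:
            rejected.append((raw, "not globally routable"))
        elif any(addr in net for net in protected):
            rejected.append((raw, "in never_block range"))
        else:
            accepted.append(str(addr))
    return accepted, rejected
```

The dict returned by `build_feed_params` can be passed through `urllib.parse.urlencode` to produce the same body as the `--data` strings in the curl requests.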