Threat Feed

[ POST ] https://api.malcore.io/api/feed

Access the Malcore threat feed

Query Params

Mandatory params

  • feed_type hash|ioc|threat

Acceptable parameters

  • hash_type string sha256|md5|ssdeep|crc32|imphash|sha1|sha512

  • time_filter integer[filter] d|m|s (days,minutes,seconds)

  • filter string

  • score_filter integer

Headers

  • apiKey string

Request

Gather all SHA256 hashes from the last 7 days

curl -XPOST https://api.malcore.io/api/feed \
    -H "apiKey: MY-API-KEY" \
    --data "feed_type=hash&hash_type=sha256&time_filter=7d"

Gather all IOC's from the last 4 minutes with a score of 50 or more

curl -XPOST https://api.malcore.io/api/feed \
    -H "apiKey: MY-API-KEY" \
    --data "feed_type=ioc&time_filter=4m&score_filter=50"

Gather all threats with a score of 60 or more from the last 5 seconds and return crc32 hashes

curl -XPOST https://api.malcore.io/api/feed \
    -H "apiKey: MY-API-KEY" \
    --data "feed_type=threat&score_filter=60&hash_type=crc32&time_filter=5s"

Response

From feed_type=hash

🟢 200

   [{
      "hash": "xxxxxxxxxxxxxxx317daa8d09ddc0b1a9ade2114bbdc4885e67d9a66561ba4b0",
      "upload_timestamp": "1699928907"
    },
    {
      "hash": "xxxxxxxxxxxxxxx3c2a12185a7cbd460f2b14a52eacae7c5ffce9d61bcc02aff",
      "upload_timestamp": "1699928908"
    },
    {
      "hash": "xxxxxxxxxxxxxxx3de4a18999f7a420260b3a4665ba2b5b32aa39433ef79819df",
      "upload_timestamp": "1699928908"
    },
    {
      "hash": "xxxxxxxxxxxxxxx3698cbfc6cbb229c230d9fbb7be8f9dbb92d2e39bb47b8e5b",
      "upload_timestamp": "1699928908"
    },
    {
      "hash": "xxxxxxxxxxxxxxx39de08a0bcfa720864e276ed0bc93ce25df04dc5eec56d3ff",
      "upload_timestamp": "1699928908"
    },
    ...
   ]

From feed_type=ioc

🟢 200

   [{
      "xxxxxxxxxxxxxxxc07e3a0d04cfd63a77ce07a00d12f10a9bfd378e1a010802c1": {
        "file_behavior": {
            ...
        },
        "file_exif_data": {
          "code_signature": "...",
          "compilation_timestamp": "...",
          "file_information": {
            ...
            "header_information": {
              ...
            }
          },
          "mime_type": "application/x-msdownload",
          "misc_information": {
            ...
          },
          "signature_info": {
            ...
          }
        },
        "file_sizes": {
           ...
        },
        "hashes": {
          ... 
        },
        "interesting_strings": [
          ...
        ],
        "yara_rule": ...      
      },
      "upload_timestamp": "1698279499"
    }]

From feed_type=threat

🟢 200

[
    {
      "hash": "0xxxxxxxxx",
      "score": 70,
      "upload_timestamp": "1707840757"
    }
  ],

🔴 404

{}
PreviousDynamic Analysis

Last updated