The Wordfence Intelligence Malware Hash Feed provides hashes of four different types for the content of over 3 million files that are known to be malicious.
If no parameters are provided, the feed will be returned in its entirety.
|fields||Array or Comma-delimited list||The list of fields to include in the response|
|omit-header||Boolean||If specified, the column headers will be omitted from the response|
|limit||Integer||The maximum number of results to include in the response|
|offset||Integer||The position, relative to the start of the result set (0), from which to return results. This can be used for paginating results.|
|sort||Array or string||The field(s) by which to sort the results|
|direction||Array or string||The direction in which to sort the results (
|<field-name>||String||Filter based on the value of the specified field. See “Filtering Results” for additional details.|
|Boolean||If present in the request query string, this parameter is interpreted as a boolean true, otherwise it will be interpreted as false|
Results may be filtered by specifying the field name and value in the query string. If multiple conditions are specified, they will be combined with a logical “and” operation.
By default filters are exact matches, but the following operators may be specified at the beginning of values if different conditions are desired.
||Equal (exact match; default behavior)|
||Less than or equal to|
||Greater than or equal to|
||Not equal to|
Response data is provided in the CSV (comma-separated values) format.
|md5||Hex||The MD5 hash|
|sha1||Hex||The SHA1 hash|
|sha256||Hex||The SHA256 hash|
|sha256_normalized||Hex||The normalized SHA256 hash|
|sightings||Integer||The total number of sightings of this hash|
|first_seen||Date||This earliest time this hash was encountered|
|last_seen||Date||The latest time this hash was encountered|
Date values are provided as strings in the following format:
YYYY– 4 digit year
MM– 2 digit year with leading zeroes
DD– 2 digit month with leading zeros
The asterisk character(
*) may be specified in field values to invoke wildcard matching. Wildcard matching may not be combined with any other operator.
The following hash types are available for each record in the feed:
For normalized hashes, whitespace characters are removed from the input data prior to computation. The following characters are considered whitespace for this purpose:
|Character||Escape Sequence||ASCII Code|