Threat Intelligence Feeds

Malware is always evolving and organizations are constantly on the lookout for how to best protect themselves from targeted attacks. OPSWAT has been protecting enterprise infrastructure for over a decade. From our experience protecting large enterprise deployments, we have found that the most effective process for protecting organizations is to devise different strategies for protection against known versus unknown threats. One of the best methods for addressing known threats is to implement blacklists. Blacklists provide protection against malware in an effective and efficient manner. They have a low-implementation cost and are easily understood by system administrators. These attributes make the solution a perfect fit for large and small enterprises.

Blacklists are able to curb exposure to widespread and trivial threats by monitoring network traffic. One of the most common use cases is to have blacklists block network access based on data present in network protocols, such as IP address, domain name, and URL. Unfortunately, those parameters alone are insufficient for protection against threats, so organizations are also monitoring files that are passing through their network. Many network administration and security tools, such as SIEMs, Proxies, Content-Aware Firewalls, and IDS/IPS, provide the plug-ins necessary to block files based on hash signature such as MD5, SHA1, and SHA256. By feeding those existing tools malware hash signatures, organizations are able to effectively protect themselves against threats.

OPSWAT's Threat Intelligence Feeds provide a blacklist of malware signatures against the most prevailing and widespread threats. OPSWAT offers the ability to leverage data collected from the MetaDefender Cloud community of users and customers. Our goal is to make organizations more secure, and to give developers, IT administrators, and users alike the information and tools to make that possible.

By using our Threat Intelligence Feeds, organizations can easily integrate MetaDefender Cloud threat intelligence data into their site, product, or solution.

Why use MetaDefender Cloud Threat Intelligence Feeds?

  • Latest data for malware research and identification
  • Strengthen defenses against current and new threats
  • Visibility into suspicious activities on the network

How to Integrate Threat Intelligence Feeds

The feeds list contains the top new malware hash signatures, including MD5, SHA1, and SHA256. Free api keys can consume 1,000 entries per day. These new malicious hashes have been spotted on the networks of MetaDefender Cloud users within the last 24 hours. Our feeds are updated daily with newly detected and reported malware to provide actionable and timely threat intelligence to our users.

MetaDefender Cloud Threat Intelligence Feeds can be delivered in 4 different formats: JSON, CSV, RSS and Bro.

Consume our feeds with curl

This data is available for all new and existing MetaDefender Cloud users and customers. Register for new OPSWAT Portal account or log in with existing account to obtain your MetaDefender Cloud API key which is required to access and download the feeds. The default limit per API key is 10 queries per hour.

Additionally, OPSWAT's MetaDefender Cloud feeds can be easily consumed by using the CSIRT Gadgets Foundation's Collective Intelligence Framework (CIF), a cyber threat intelligence management system.

Register new OPSWAT account

Expanded Commercial Version

For access to hundreds of thousands of unique threats every day, we also offer a commercial version of our Threat Intelligence Feeds. The commercial version can be easily integrated into your existing security information and event management (SIEM) system. Samples in the feeds contain SHA1, MD5, and SHA256 hashes. Visit and request a demo or contact our sales team for more information.

Leverage the data from the MetaDefender Cloud platform and start consuming our Threat Intelligence Feeds to identify the latest malware threats.

Install Chrome Extension