Skip to content

Aggregation of lists of malicious hashes of malware that can be integrated into FortiGate firewalls and other products.

Notifications You must be signed in to change notification settings

romainmarcoux/malicious-hash

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 

Repository files navigation

Menu:

Statistics

Update of the following table: 2024-12-31 00:25 CEST

File Number of hashes
full-hash-md5 3 930
full-hash-sha1 416
full-hash-sha256 79 708

Introduction

[FR]

  • Agrégation de hash malveillants, publiés sur des liens malveillants, scindée en fichiers de 131 072 entrées au maximum pour être intégrées dans des pare-feux : Fortinet FortiGate et autres équipements.
  • Hash ordonnés en fonction du nombre de sources dans lesquelles ils apparaissent (Hash apparaissant dans le plus de sources sont donc dans le début de chaque fichier full-*-aa.txt).
  • Mise à jour toutes les heures
  • Implémentation dans les pare-feux FortiGate : lien
    • Menu "Security Fabric → External Connectors → Create New → Threat Feeds → Malware Hash"
    • Copier une URL dans la partie "Links" ci-dessous
    • Menu "Security Profiles → AntiVirus"
    • Activer "Use External Malware Block List"
    • Appliquer ensuite ce profil de sécurité dans vos "Firewall Policy" autorisant les protocoles HTTP/HTTPS en sortie (LAN > WAN)

[EN]

  • Aggregation of malicious hashes, published on malicious links, split into files of up to 131,072 entries to be integrated into firewalls: Fortinet FortiGate and other equipment.
  • Hashes ordered according to the number of sources in which they appear (Hashes appearing in the most sources are therefore in the beginning of each full-*-aa.txt file).
  • Updated every hour
  • Implementation in FortiGate firewalls: link
    • Menu "Security Fabric → External Connectors → Create New → Threat Feeds → Malware Hash"
    • Copy a URL in the "Links" section below
    • Menu "Security Profiles → AntiVirus"
    • Enable "Use External Malware Block List"
    • Then apply this security profile in your "Firewall Policy" authorizing HTTP/HTTPS protocols on output (LAN > WAN)

Files URLs

Each file must be implemented: hashes are not duplicated between files.

https://raw.githubusercontent.com/romainmarcoux/malicious-hash/main/full-hash-md5-aa.txt
https://raw.githubusercontent.com/romainmarcoux/malicious-hash/main/full-hash-sha1-aa.txt
https://raw.githubusercontent.com/romainmarcoux/malicious-hash/main/full-hash-sha256-aa.txt

Sources

Source Link Description
abuse.ch Malware Bazaar link Sharing malware samples
abuse.ch URLhaus link Payloads downloaded by malicious URLs less than 1 month ago
alienvault-malware-scan link Malware detected less than 4 months ago
alienvault-ragnar-locker link Payloads of RagnarLocker Ransomware
Banco do Brasil List of malicious hashes

Release Notes

  • 2024-03-02: Initial release with first sources: bazaar.abuse.ch, urlhaus.abuse.ch, alienvault-malware-scan, alienvault-ragnar-locker, Banco do Brasil.

To support me

BuyMeACoffee Paypal

Contact

[FR]

Contactez-moi via LinkedIn (mon profil) pour :

  • m'indiquer des faux positifs
  • être notifié quand un nouveau segment de fichier est créé (pour l'ajouter dans votre pare-feu)
  • me proposer d'ajouter une autre source de hash malveillants.

[EN]

Contact me via LinkedIn (my profile) to:

  • notify me false positives
  • be notified when a new file segment is created (to add it to your firewall)
  • suggest I add another source of malicious hashes.

About

Aggregation of lists of malicious hashes of malware that can be integrated into FortiGate firewalls and other products.

Topics

Resources

Stars

Watchers

Forks