malware_hash {cymruservices} | R Documentation
Retrieves malware hash metadata from the Malware Hash Registry
Description
The Malware Hash Registry (MHR) project is a look-up service similar to the Team Cymru IP address to ASN mapping project. It differs, however, in that you query the service with a computed MD5 or SHA-1 hash of a file and, if the file is malware and the service knows about it, the service returns the last time it saw that hash along with an approximate anti-virus detection percentage.
Usage
malware_hash(hashes, timeout = getOption("timeout"))
Arguments
hashes | character vector of MD5 or SHA-1 file hashes
timeout | numeric: the timeout (in seconds) to be used for this connection. Beware that some OSes may treat very large values as zero; however, the POSIX standard requires values up to 31 days to be supported.
Value
data frame of malware hash lookup results
- sha1_md5 - hash queried for
- last_known_timestamp - last known GMT timestamp associated with that hash
- detection_pct - detection percentage across a mix of AV packages
If a socket connection cannot be made (i.e. a network problem on your end or a service/network problem on their end), all columns will be NA.
Note
Attempting to enumerate the malware registry via the public service interface is not only impractical, it is also strictly prohibited. Contact Team Cymru if the public interface is insufficient for your needs and we may be able to come up with an alternative arrangement. Also, a direct connection to TCP port 43 (WHOIS) is required for most of these API functions to work properly.
See Also
http://www.team-cymru.org/IP-ASN-mapping.html
Examples
## Not run:
malware_hash(c("1250ac278944a0737707cf40a0fbecd4b5a17c9d",
               "7697561ccbbdd1661c25c86762117613",
               "cbed16069043a0bf3c92fff9a99cccdc",
               "e6dc4f4d5061299bc5e76f5cd8d16610",
               "e1112134b6dcc8bed54e0e34d8ac272795e73d74"))
## End(Not run)
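A triage workflow built on the function documented above, as an added example that is not part of the cymruservices package or its documentation: it hashes local files, sends only well-formed digests in one small batch, and treats the all-NA result as a connection failure rather than a clean verdict. The helper name `check_files`, its `max_batch` limit, and the coercion of `detection_pct` to a number are assumptions.

```r
library(cymruservices)

# Hypothetical helper, not part of cymruservices: MD5 local files and look
# the digests up in one small batch.
check_files <- function(paths, max_batch = 50, timeout = 10) {
  paths <- paths[file.exists(paths)]
  md5 <- tolower(unname(tools::md5sum(paths)))  # NA for unreadable files

  # Send only well-formed MD5 (32 hex) or SHA-1 (40 hex) digests.
  ok <- grepl("^([0-9a-f]{32}|[0-9a-f]{40})$", md5)
  files <- data.frame(path = paths[ok], sha1_md5 = md5[ok],
                      stringsAsFactors = FALSE)

  # One query per distinct hash, capped (max_batch is an assumed local limit;
  # the page gives no number) so the call cannot turn into enumeration.
  hashes <- unique(files$sha1_md5)
  if (length(hashes) == 0) return(files)
  if (length(hashes) > max_batch) stop("too many hashes for one lookup")

  res <- malware_hash(hashes, timeout = timeout)

  # All columns NA means the socket connection failed; that is not a verdict.
  if (all(is.na(res$sha1_md5))) stop("lookup failed: TCP port 43 unreachable?")

  res$sha1_md5 <- tolower(res$sha1_md5)
  # Assumption: detection_pct can be coerced to a number; NA otherwise.
  res$detection_pct <-
    suppressWarnings(as.numeric(as.character(res$detection_pct)))
  out <- merge(files, res, by = "sha1_md5", all.x = TRUE)
  out[order(-out$detection_pct, na.last = TRUE), ]
}

# Constructed sample input: one throwaway file created just for this call.
sample_file <- tempfile()
writeLines("constructed sample content", sample_file)
print(check_files(sample_file))
```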