Today, the Wordfence team is launching a Malware Hash Feed as part of our Wordfence Intelligence API. This gives our Enterprise users another way to rapidly and definitively identify malware targeting web applications.
As the world’s foremost WordPress security provider, Wordfence has an expertly curated database of nearly three and a half million unique malicious files. Most of the malware in our database is PHP, but we also have a selection of malicious JavaScript, ASP.NET, Python, and other languages used for web applications.
The Malware Hash feed contains the following information for each malicious file in our data set:
Wordfence Intelligence subscribers can download the entire feed or use its built-in sorting and filtering functionality to grab the most relevant data, making ingestion easy.
While the YARA rules that comprise our Malware Signatures feed detect 99.99% of the malicious files in our collection and are flexible enough to detect currently uncatalogued variants, hash-based detection is more practical, compatible, or performant for some applications. Additionally, access to our malware hashes can allow for detection of novel malware as soon as we identify and classify it, even before a production-ready signature can be released. The Malware Hash feed is updated every 15 minutes.
Threat Intelligence data feeds serve an important role in any organization with a Security Operations Center, Threat Intelligence team, or security-conscious IT department with a mandate to make their network more secure. Adding more data and context to the network traffic being analyzed is crucial to attaining and maintaining readiness.
Malware hashes can be ingested into a number of platforms, including Security Information and Event Management (SIEM) systems, Security Orchestration, Automation, and Response (SOAR) platforms, or even Extended Detection and Response (XDR) platforms. This data can be used to determine if a host on a network has been compromised or if any traffic into or out of a network contains malicious files.
In addition, malware hashes can be fed into threat intelligence platforms to add context around specific threats so your organization can better understand and attribute the techniques being deployed against it.
Wordfence Threat Intelligence feeds can also be integrated into custom solutions to effectively detect, block, and remediate malicious files at rest, or even on their way into the network. Web hosting providers can work with us to integrate a “powered by Wordfence Intelligence” product into their offerings, with all the efficiency of running on the whole server platform.
As a reminder, Wordfence tracks malware and blocks exploits targeting multiple web services, including non-WordPress services, across our network of four million protected WordPress sites. This gives us a unique level of visibility compared to other Threat Intelligence feeds on the market. All Wordfence Intelligence customers receive access to our IP Threat data feed, our Malware Signatures feed, our Malware Hash feed, and our WordPress Vulnerability Data feed.
If you are a Wordfence Free, Premium, Care, or Response customer and your host subscribes to Wordfence Intelligence, they can use it to protect not only your website but any other websites on the same server, which greatly improves the security of your own website. They can also use it to detect and shut down abuse originating from within their own network, making the entire internet safer.
Get in touch with us today for more information or to try out the feeds!
The post Wordfence Intelligence Launches New Malware Hash Feed! appeared first on Wordfence.