A curated collection of malicious file hashes (MD5 / SHA-1 / SHA-256) that can be used for blocking, detection and threat hunting across firewalls, EDR, SIEM, SOAR and other security platforms.
This repository provides regularly updated lists of malicious file hashes observed across various threat campaigns.
Security teams can use these lists to:
- Block known malicious files at firewall / endpoint level
- Enrich SOC investigations and threat hunting
- Improve detection capabilities by feeding hashes into SIEM/SOAR
- Automate IOC ingestion with EDR or XDR solutions
📢 Update Notice
• Date: 2026-01-02 11:29 IST
• Total Malicious Hashes:
MD5: 4054 (Each File 3000)
SHA1: 571 (Each File 1000)
SHA256: 80463 (Each File 60000)
```
/
├── README.md
├── hashes/
│   ├── md5.txt
│   ├── sha1.txt
│   ├── sha256.txt
```
| Hash Type | Usage |
|----------|--------|
| MD5 | Lightweight integrity checks; some legacy systems |
| SHA-1 | Better integrity validation; still used by some tools |
| SHA-256 | Preferred industry standard; most reliable |
Choose a list under hashes/ (e.g., sha256.txt).
Examples:
- Firewall: Add hashes to the file checksum blocklist. You can also use the RAW links, which are as follows:
  - MD5:
  - SHA1:
  - SHA256:
- EDR/XDR: Import the TXT file, or convert it to JSON or CSV, as an IOC watchlist
- SIEM: Upload to threat intelligence module
- SOAR: Automate enrichment/response playbooks
Any detection or block event should be investigated.
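
One way to do the TXT-to-CSV/JSON conversion mentioned above, as an added example that is not part of this repository. It assumes each list under hashes/ holds one hex hash per line, and the `type`/`value` field names are placeholders for whatever your EDR or SIEM import expects.

```python
import csv
import io
import json
import re

# Hex digest length -> hash type, matching the three lists under hashes/.
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_RE = re.compile(r"[0-9a-f]+")

def parse_hash_list(text, expected=None):
    """Validate and de-duplicate a hash list; return (iocs, rejected)."""
    # Assumes one hash per line; blank lines and '#' comments are skipped.
    # `expected` ("md5"/"sha1"/"sha256") rejects values of another type.
    iocs, rejected, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        value = raw.strip().lower()
        if not value or value.startswith("#"):
            continue
        kind = HASH_TYPES.get(len(value))
        if kind is None or not HEX_RE.fullmatch(value) or (expected and kind != expected):
            rejected.append((lineno, raw.strip()))
        elif value not in seen:  # keep the first occurrence only
            seen.add(value)
            iocs.append({"type": kind, "value": value})
    return iocs, rejected

def to_csv(iocs):
    """Render IOCs as CSV; the column names are assumed, adjust to your tool."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["type", "value"], lineterminator="\n")
    writer.writeheader()
    writer.writerows(iocs)
    return buf.getvalue()

def to_json(iocs):
    """Render IOCs as a JSON array of {"type", "value"} objects."""
    return json.dumps(iocs, indent=2)

# Constructed sample (digests of empty input, not entries from this repository).
SAMPLE = """\
D41D8CD98F00B204E9800998ECF8427E
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
not-a-hash
"""

if __name__ == "__main__":
    iocs, rejected = parse_hash_list(SAMPLE)
    print(to_csv(iocs), end="")
    print("rejected lines:", rejected)
```

Review the rejected lines before importing: a malformed or wrong-length entry in a blocklist usually means the source file was truncated or mixed with another hash type.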
We welcome community contributions!
- Only submit verified malicious hashes
- Provide metadata when possible
- Avoid duplicates
- Repository updated weekly or during major threat events
✅ Use at Your Own Risk
Anyone using the data should test, verify, and implement it at their own risk, based on their own security policies and environment.
Amit Ambekar
GitHub: https://www.github.com/amitambekar510
Linkedin: https://www.linkedin.com/in/amitmilindambekar/
For issues or suggestions, raise an Issue in this repository.