MDATP File Hash Indicators

Hi,

I am not allowed to upload MD5 file hashes into the Indicators Tab for Microsoft Defender Security Center. It also shows a message that MD5 file hash method is not recommended.

I have around 500 MD5 hashes for IOCs which I need to upload. Is there a way around through which I can convert these MD5 file hashes to SHA-1 or SHA-256 and then upload in Defender Security Center?

1 Reply

This is now resolved. Used the VirusTotal API to get the corresponding SHA-256 hash for the MD5 hash.

For the MD5 hashes where there were no results on VirusTotal, raised the case with Microsoft. I believe some changes were done from MS end after which I got MD5 file hashes uploaded.
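The lookup described in the reply above, as an added example that is not part of the original thread: a SHA-256 cannot be computed from an MD5, so each MD5 is looked up in the VirusTotal API v3 file report and the `sha256` attribute is read back, with unknown hashes kept on a separate list for follow-up. The function names, the `VT_API_KEY` environment variable and the 15-second delay (chosen for a rate-limited public API key) are assumptions.

```python
import json
import re
import time
import urllib.error
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"  # VirusTotal API v3 file report
MD5_RE = re.compile(r"^[0-9a-f]{32}$")

def vt_lookup(md5, api_key):
    """Return the SHA-256 VirusTotal records for this MD5, or None if it has no report."""
    req = urllib.request.Request(VT_FILE_URL.format(md5), headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)["data"]["attributes"]["sha256"]
    except urllib.error.HTTPError as err:
        if err.code == 404:  # hash unknown to VirusTotal
            return None
        raise  # 401/429/5xx: let the caller see auth, quota or server errors

def convert(md5_lines, lookup, delay=0.0):
    """Map MD5 IOCs to SHA-256 via `lookup`; returns (resolved, unresolved, rejected)."""
    resolved, unresolved, rejected, seen = {}, [], [], set()
    for raw in md5_lines:
        md5 = raw.strip().lower()
        if not md5 or md5 in seen:  # skip blank lines and duplicates
            continue
        seen.add(md5)
        if not MD5_RE.match(md5):  # keep malformed entries out of the API call
            rejected.append(md5)
            continue
        sha256 = lookup(md5)
        if sha256 and re.fullmatch(r"[0-9a-f]{64}", sha256.lower()):
            resolved[md5] = sha256.lower()
        else:
            unresolved.append(md5)  # no report: needs another source or a vendor case
        time.sleep(delay)
    return resolved, unresolved, rejected

if __name__ == "__main__":
    import os
    import sys
    key = os.environ["VT_API_KEY"]  # assumed variable name
    # delay=15 is an assumed pacing for a rate-limited public API key
    ok, missing, bad = convert(sys.stdin, lambda h: vt_lookup(h, key), delay=15)
    for md5, sha256 in ok.items():
        print(f"{md5},{sha256}")
    print(f"unresolved={len(missing)} rejected={len(bad)}", file=sys.stderr)
```

Run it with the MD5 list on standard input, one hash per line; the `md5,sha256` pairs go to standard output and the counts of unresolved and rejected entries go to standard error.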