MDATP File Hash Indicators

Hi,

I am not allowed to upload MD5 file hashes into the Indicators tab for Microsoft Defender Security Center. It also shows a message that the MD5 file hash method is not recommended.

I have around 500 MD5 hashes for IOCs which I need to upload. Is there a way around through which I can convert these MD5 file hashes to SHA-1 or SHA-256 and then upload in Defender Security Center?

1 Reply

This is now resolved. Used the VirusTotal API to get the corresponding SHA-256 hash for the MD5 hash.

For the MD5 hashes where there were no results on VirusTotal, raised the case with Microsoft. I believe some changes were done from MS end after which I got MD5 file hashes uploaded.
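
A sketch of the lookup described in the reply, added here as an example and not the poster's own script: an MD5 cannot be computed into a SHA-256, so each hash is looked up through the VirusTotal API v3 file report and the `sha256` attribute is read from the result. The function names, the `VT_API_KEY` environment variable and the 15-second pacing are assumptions.

```python
import json
import re
import urllib.error
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"  # API v3 file report
MD5_RE = re.compile(r"^[0-9a-f]{32}$")


def vt_fetch(md5, api_key):
    """Return the parsed file report for a hash, or None if VirusTotal has no record."""
    req = urllib.request.Request(VT_FILE_URL.format(md5), headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise  # quota or auth errors must not be counted as "not found"


def resolve_md5_list(lines, fetch):
    """Look up each MD5 via fetch(md5); return (resolved, unresolved, rejected)."""
    resolved, unresolved, rejected, seen = {}, [], [], set()
    for raw in lines:
        md5 = raw.strip().lower()
        if not md5 or md5 in seen:
            continue  # skip blank lines and duplicates
        seen.add(md5)
        if not MD5_RE.match(md5):
            rejected.append(md5)  # not a 32-hex-digit MD5, never sent to the API
            continue
        attrs = ((fetch(md5) or {}).get("data") or {}).get("attributes") or {}
        # Accept the SHA-256 only when the report is for the MD5 that was asked about.
        if str(attrs.get("md5", "")).lower() == md5 and attrs.get("sha256"):
            resolved[md5] = attrs["sha256"].lower()
        else:
            unresolved.append(md5)  # left over for another route, as in the reply
    return resolved, unresolved, rejected


if __name__ == "__main__":
    import os, sys, time
    def paced(md5):  # 15 s spacing is an assumed value; set it to your key's quota
        time.sleep(15)
        return vt_fetch(md5, os.environ["VT_API_KEY"])  # assumed variable name
    with open(sys.argv[1]) as fh:  # text file with one MD5 per line
        ok, missing, bad = resolve_md5_list(fh, paced)
    print("\n".join(f"{m},{s}" for m, s in ok.items()))
    print(f"unresolved={len(missing)} rejected={len(bad)}", file=sys.stderr)
```

Run it with the path to a file of MD5 hashes; resolved `md5,sha256` pairs go to standard output, and the unresolved hashes are the ones VirusTotal has no record of.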