Managing Hash Groups
Interrogate comes prepopulated with known MD-5 or SHA-1 Indicators of Compromise. Groups or combinations of groups may be selected at any time for searching across your endpoints.
Single hash value entry
Whether you are searching for a single hash value or multiple hash values, you must first create a group in which to place your MD-5 or SHA-1 values.
Adding a single hash
- Create or edit a hash group
- Click on the Add Hash Values button at the bottom right of the edit grid
- Type or paste your hash value in the Add Hash dialog box
- Click the plus sign to automatically add the hash value to your included column
- Repeat the process above with as many hash values as you would like, or create/import a hash list and use the instructions below for importing the list.
Hash Groups consist of one or more MD-5 values, SHA-1 values, or a combination of the two.
Multiple hash values
Interrogate supports importing lists of hash values, which saves a great deal of time when you have many hash values to add. Follow the steps below to import a hash list.
A hash list is a simple .txt file with an MD-5 or SHA-1 value on each line.
Importing a hash list
- Create or edit a hash group
- Click on the Add Hash Values button at the bottom right of the edit grid
- Click on Browse in the Load Hash File area
- Browse to the location of your .txt file
- Click Upload
- Click Save Group
IOC Hash Groups
Download and import a hash list from Heureka's IOC database
- Identify which IOC group you would like to install on your system
- Click the link and select the download option
- Locate the downloaded zip file and (optionally) verify the SHA-1 Checksum provided in the download grid
- Follow the steps above to create/import your hash list as a group
Hash Group Name
It is recommended that you use the downloaded text file name as the name of your hash group. For example, if the downloaded text file is called "Evil_Malware.txt" we recommend a hash group name of "Evil_Malware".
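
The optional checksum verification and the hash list format described above can both be checked before a list is uploaded. The following is an added example, not part of Interrogate or Heureka's tooling. The function names, the "Evil_Malware.zip" stand-in file and the sample values are constructed for illustration, and it assumes one hash per line, with blank lines ignored and duplicates dropped.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumption: one hash per line; MD5 is 32 hex characters, SHA-1 is 40.
HASH_RE = re.compile(r"[0-9a-f]{32}|[0-9a-f]{40}")


def sha1_matches(path, expected_hex):
    """Return True if the file's SHA-1 equals the published checksum."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest() == expected_hex.strip().lower()


def check_hash_list(text):
    """Split a hash list into valid MD5/SHA-1 values and rejected lines."""
    md5, sha1, rejected, seen = [], [], [], set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        value = raw.strip().lower()
        if not value:
            continue  # ignore blank lines
        if not HASH_RE.fullmatch(value):
            rejected.append((lineno, raw.strip()))  # wrong length or non-hex
        elif value not in seen:
            seen.add(value)  # keep only the first occurrence of a value
            (md5 if len(value) == 32 else sha1).append(value)
    return {"md5": md5, "sha1": sha1, "rejected": rejected}


def demo():
    # Constructed sample data: digests of short strings, not real indicators.
    good_md5 = hashlib.md5(b"sample-a").hexdigest()
    good_sha1 = hashlib.sha1(b"sample-b").hexdigest()
    listing = "\n".join([good_md5, good_sha1.upper(), "", good_md5,
                         "not-a-hash", good_sha1[:39]])
    with tempfile.TemporaryDirectory() as tmp:
        archive = Path(tmp) / "Evil_Malware.zip"  # stand-in for the download
        archive.write_bytes(b"constructed archive bytes")
        published = hashlib.sha1(b"constructed archive bytes").hexdigest()
        return (sha1_matches(archive, published),
                sha1_matches(archive, "0" * 40), check_hash_list(listing))


if __name__ == "__main__":
    print(demo())
```

Rejected entries are reported with their line number in the .txt file, so they can be corrected before the list is uploaded.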