Black or Gray Hash Sets
Release Date: 10 December 2018
Source: Whitehat Computer Forensics, LLC (The Hash Search Engine)
Formats: EnCase, Forensic Toolkit (FTK), X-Ways, SleuthKit and raw hash values (MD5/SHA1/SHA256).
Content Description: Notable / Suspicious / Significant hash values in one file.
Current Hash Values: 635,392
Amount recently removed as false positives: 189
Duplicate Hash Values Removed: Yes
NOTE: We continually compare this set against known good / safe / non-threatening hash values derived from our Hash Search Engine and the US Government’s NSRL datasets in order to identify potential “false positives”. This December 2018 release is to remove false positives ONLY.
The attached zip file(s) represent ‘Notable’, ‘Suspicious’ or ‘Significant’ hash values involving possibly malicious and/or unwanted software and utilities, including:
– SQL Injection Tools, Packers, Bruteforcing
– Flooders, Denial of Service (DoS)
– Defacers, Cracking, Rippers
– Recon, Killers, All in One (AIO) Tools
– Credit Card Generators, Key Generators, Sniffers
– Password Gathering, Nukers, Network Testing
– File Sharing artifacts from Peer-to-Peer (P2P) sites
– Red-herring files (files annotated or described with a particular non-threatening name but actually designed or coded for nefarious purposes)
– Carrier Pigeon Archives (compressed files such as ZIP, RAR, GZIP, CAB, etc., that were identified as transporting any significant, notable or alert files)
The provided hash values can be used to help identify possibly threatening files during computer forensic and computer security examinations (Computer Compromises, Network Intrusions, Malware Analysis, etc.).