Skip to main content

Malware Bazaar

malware-bazaar

Version: 1.2
Updated: Jul 05, 2023

MalwareBazaar is a project from abuse.ch with the goal of sharing malware samples with the infosec community, AV vendors and threat intelligence providers.

Actions

  • Get Hash Info (Enrichment) - You can check if a particular malware sample is known to MalwareBazaar by query the API for the corresponding hash.
  • Query Filetype (Enrichment) - You can get a list of recent malware samples (max 1'000) having a specific filetype by query the API.
  • Query Signature (Enrichment) - You can get a list of recent malware samples (max 1'000) associated with a specific signature by query the API.
  • Query Tag (Enrichment) - You can get a list of malware samples (max 1'000) associated with a specific tag by query the API.

MalwareBazaar configuration

  1. Visit Abuse website.
  2. Sign up using your favorite account.
    malware-bazaar-1
  3. Click on your account profile.
  4. Copy the content of the Your API-Key field.
    malware-bazaar-2

Configure MalwareBazaar in Automation Service and Cloud SOAR

Before you can use the integration, you must configure it so that the vendor can communicate with Sumo Logic. For general guidance, see Configure Authentication for Integrations.

  1. Access App Central and install the integration.
  2. Select the installed integration in the Integrations page.
    Classic UI. In the main Sumo Logic menu, select Automation and then select Integrations in the left nav bar.
    New UI. In the main Sumo Logic menu, select Automation > Integrations. You can also click the Go To... menu at the top of the screen and select Integrations.
  3. Select the integration.
  4. Hover over the resource name and click the Edit button that appears.
    Edit a resource
  5. In the Add Resource dialog, enter the authentication needed by the resource. When done, click TEST to test the configuration, and click SAVE to save the configuration.
  • Label. The name for the resource.
  • URL. The base API URL for WithSecure Elements. Default: 'https://mb-api.abuse.ch/'.
  • API Key. The API key previously obtained.
    malware-bazaar-6

For information about MalwareBazaar, see MalwareBazaar documentation.

Category

Threat Intelligence-Reputation

Change Log

  • September 01, 2020 (v1.0) - First Upload
  • June 14, 2023 (v1.1) - Added 3 actions:
    • Query Filetype
    • Query Tag
    • Query Signature
  • July 5, 2023 (v1.2) - Removed leading/trailing spaces
Status
Legal
Privacy Statement
Terms of Use

Copyright © 2025 by Sumo Logic, Inc.