Malware Bazaar

Version: 1.2
Updated: Jul 05, 2023

MalwareBazaar is a project from abuse.ch with the goal of sharing malware samples with the infosec community, AV vendors and threat intelligence providers.

Actions

  • Get Hash Info (Enrichment) - Check whether a particular malware sample is known to MalwareBazaar by querying the API for the corresponding hash.
  • Query Filetype (Enrichment) - Get a list of recent malware samples (max 1'000) having a specific filetype by querying the API.
  • Query Signature (Enrichment) - Get a list of recent malware samples (max 1'000) associated with a specific signature by querying the API.
  • Query Tag (Enrichment) - Get a list of malware samples (max 1'000) associated with a specific tag by querying the API.
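
The four actions above correspond to form-encoded POST requests against the MalwareBazaar API. The following is an added example, not Sumo Logic's integration code: the endpoint path, query names, `Auth-Key` header and response fields are assumptions taken from abuse.ch's public API documentation rather than from this page, and the sample response is constructed. It validates the hash before sending and clamps the list size to the 1'000 ceiling.

```python
import json
import re
import urllib.parse
import urllib.request

API_URL = "https://mb-api.abuse.ch/api/v1/"  # assumed endpoint under the default base URL
MAX_LIMIT = 1000  # the "max 1'000" ceiling stated for the list queries
# Action name -> (API query name, value field); assumed from the public API docs.
ACTIONS = {
    "Get Hash Info": ("get_info", "hash"),
    "Query Filetype": ("get_file_type", "file_type"),
    "Query Signature": ("get_siginfo", "signature"),
    "Query Tag": ("get_taginfo", "tag"),
}
HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$")
# Constructed sample response (placeholder digest, not a real sample).
SAMPLE = '{"query_status": "ok", "data": [{"sha256_hash": "' + "a" * 64 + '"}]}'


def build_form(action, value, limit=100):
    """Return the POST form fields for one action, validating input first."""
    query, field = ACTIONS[action]
    value = value.strip()
    if not value:
        raise ValueError("empty value")
    form = {"query": query, field: value}
    if field == "hash":
        form[field] = value.lower()
        if not HASH_RE.match(form[field]):
            raise ValueError("expected an MD5, SHA-1 or SHA-256 hex digest")
    else:
        form["limit"] = str(max(1, min(int(limit), MAX_LIMIT)))
    return form


def summarize(body):
    """Reduce a JSON response to (query_status, [sha256_hash, ...])."""
    doc = json.loads(body)
    status = doc.get("query_status")
    rows = (doc.get("data") or []) if status == "ok" else []
    return status, [row["sha256_hash"] for row in rows]


def send(form, api_key):
    """POST the form with the API key in the Auth-Key header (needs network access)."""
    req = urllib.request.Request(API_URL, urllib.parse.urlencode(form).encode(),
                                 headers={"Auth-Key": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return summarize(resp.read())
```

A status other than `ok` (for example, an unknown hash) yields an empty list, so a playbook can branch on the returned status instead of treating a miss as an error.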

MalwareBazaar configuration

  1. Visit the Abuse website.
  2. Sign up using your favorite account.
  3. Click on your account profile.
  4. Copy the content of the Your API-Key field.

MalwareBazaar in Automation Service and Cloud SOAR

  1. Access integrations in the Automation Service or Cloud SOAR.
  2. After the list of integrations appears, search for the integration and click on its row.
  3. The integration details will appear. Click the "+" button to add a new Resource.
  4. Populate all the required fields (*) and then click SAVE.
    • Label. The name for the resource.
    • URL. The base API URL for MalwareBazaar. Default: 'https://mb-api.abuse.ch/'.
    • API Key. The API key previously obtained.
  5. To make sure the resource is working, hover over the resource and then click the pencil icon that appears on the right.
  6. Click TEST SAVED SETTINGS.
  7. You should receive a success notification in the bottom right corner.

Category

Threat Intelligence-Reputation

Change Log

  • September 01, 2020 (v1.0) - First Upload
  • June 14, 2023 (v1.1) - Added 3 actions:
    • Query Filetype
    • Query Tag
    • Query Signature
  • July 5, 2023 (v1.2) - Removed leading/trailing spaces
Copyright © 2024 by Sumo Logic, Inc.