Malware Bazaar
Version: 1.2
Updated: Jul 05, 2023
MalwareBazaar is a project from abuse.ch with the goal of sharing malware samples with the infosec community, AV vendors and threat intelligence providers.
Actions
- Get Hash Info (Enrichment) - You can check if a particular malware sample is known to MalwareBazaar by querying the API for the corresponding hash.
- Query Filetype (Enrichment) - You can get a list of recent malware samples (max 1'000) having a specific filetype by querying the API.
- Query Signature (Enrichment) - You can get a list of recent malware samples (max 1'000) associated with a specific signature by querying the API.
- Query Tag (Enrichment) - You can get a list of malware samples (max 1'000) associated with a specific tag by querying the API.
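The four actions above correspond to queries against the MalwareBazaar API. The following Python example is added here and is not code from the integration or from abuse.ch; it assumes the public API path `api/v1/`, the query names `get_info`, `get_file_type`, `get_siginfo` and `get_taginfo`, and an `Auth-Key` request header, none of which appear on this page. The sample responses are constructed so the parsing runs offline.

```python
import json, re, urllib.parse, urllib.request

# Page's default base URL plus "api/v1/", the public API path (assumption, not on the page).
API_URL = "https://mb-api.abuse.ch/api/v1/"
MAX_LIMIT = 1000  # the "max 1'000" the page states for the list queries
# Integration action -> (API "query" value, selector field); these names are assumptions.
ACTIONS = {
    "Get Hash Info": ("get_info", "hash"),
    "Query Filetype": ("get_file_type", "file_type"),
    "Query Signature": ("get_siginfo", "signature"),
    "Query Tag": ("get_taginfo", "tag"),
}
HASH_RE = re.compile(r"(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})")  # MD5, SHA-1, SHA-256

def build_form(action, value, limit=100):
    """Validate analyst input and return the POST form fields for one action."""
    query, field = ACTIONS[action]
    value = value.strip()  # pasted indicators often carry stray whitespace
    if field == "hash":
        value = value.lower()
        if not HASH_RE.fullmatch(value):
            raise ValueError("expected an MD5, SHA-1 or SHA-256 hex digest")
        return {"query": query, "hash": value}
    if not value or not 1 <= limit <= MAX_LIMIT:
        raise ValueError("empty selector or limit outside 1..1000")
    return {"query": query, field: value, "limit": str(limit)}

def summarize(body):
    """Reduce a JSON response body to the fields used for triage."""
    doc = json.loads(body)
    status = doc.get("query_status")
    if status != "ok":  # e.g. hash_not_found: unknown to the service, not proof of benign
        return {"known": False, "status": status, "samples": []}
    samples = [{"sha256": s.get("sha256_hash"), "file_type": s.get("file_type"),
                "signature": s.get("signature"), "tags": s.get("tags") or []}
               for s in doc.get("data") or []]
    return {"known": True, "status": status, "samples": samples}

def lookup(action, value, api_key, limit=100):
    """Send the query; the Auth-Key header name is an assumption, check the API docs."""
    data = urllib.parse.urlencode(build_form(action, value, limit)).encode()
    req = urllib.request.Request(API_URL, data=data, headers={"Auth-Key": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return summarize(resp.read())

# Constructed sample responses (not real MalwareBazaar data) so the parser runs offline.
SAMPLE_HIT = json.dumps({"query_status": "ok", "data": [{"sha256_hash": "ab" * 32,
    "file_type": "exe", "signature": "ExampleFamily", "tags": ["example-tag"]}]})
SAMPLE_MISS = json.dumps({"query_status": "hash_not_found"})
```

A status other than `ok` means only that the sample is not in MalwareBazaar, so a playbook should treat it as "no data" rather than as a clean verdict.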
MalwareBazaar configuration
- Visit the Abuse website.
- Sign up using your favorite account.
- Click on your account profile.
- Copy the content of the Your API-Key field.
MalwareBazaar in Automation Service and Cloud SOAR
- Access integrations in the Automation Service or Cloud SOAR.
- After the list of the integrations appears, search for the integration and click on the row.
- The integration details will appear. Click on the "+" button to add a new Resource.
- Populate all the required fields (*) and then click SAVE.
  - Label. The name for the resource.
  - URL. The base API URL for MalwareBazaar. Default: 'https://mb-api.abuse.ch/'.
  - API Key. The API key previously obtained.
- To make sure the resource is working, hover over the resource and then click the pencil icon that appears on the right.
- Click TEST SAVED SETTINGS.
- You should receive a success notification in the bottom right corner.
Category
Threat Intelligence-Reputation
Change Log
- September 01, 2020 (v1.0) - First Upload
- June 14, 2023 (v1.1) - Added 3 actions:
  - Query Filetype
  - Query Tag
  - Query Signature
- July 5, 2023 (v1.2) - Removed leading/trailing spaces