# MalwareBazaar
The MalwareBazaar connector allows automated interaction with the MalwareBazaar database, facilitating malware sample management and threat intelligence. MalwareBazaar is a community-driven project that collects and shares malware samples, providing security researchers and incident responders with valuable threat intelligence. The MalwareBazaar connector for Swimlane Turbine enables users to add comments to malware samples, query specific malware samples, and upload new malware samples directly from the Swimlane platform. This integration empowers end users to enrich their threat intelligence, contribute to the cybersecurity community, and streamline malware analysis workflows without the need for complex coding.

## Limitations

None to date.

## Supported versions

This MalwareBazaar connector uses the latest version.

## Additional docs

- MalwareBazaar documentation: https://bazaar.abuse.ch/api/#python

## Prerequisites

To effectively utilize the MalwareBazaar connector within Swimlane Turbine, ensure you have the following:

- API key authentication with the necessary parameters:
  - URL: the endpoint URL for the MalwareBazaar API
  - Auth key: your personal authentication key to access MalwareBazaar's services

## Authentication methods

### MalwareBazaar API key authentication method

To effectively utilize the MalwareBazaar connector within Swimlane Turbine, ensure you have the following:

- API key authentication with the necessary parameters:
  - URL: the endpoint URL for the MalwareBazaar API
  - Auth key: your personal authentication key to access the MalwareBazaar services

## Capabilities

This MalwareBazaar connector provides the following capabilities:

- Add a comment
- Query a malware sample
- Upload malware samples

### Add a comment

Add a comment to a specific malware sample in MalwareBazaar using the provided data body. See https://bazaar.abuse.ch/api/#commenting

### Query a malware sample

Check the presence of a specific malware sample in the MalwareBazaar database using the provided data body. See https://bazaar.abuse.ch/api/#query_hash

### Upload malware samples

Upload malware samples directly to MalwareBazaar for analysis and sharing with the cybersecurity community. See https://bazaar.abuse.ch/api/#upload

## Configurations

### MalwareBazaar URLhaus authentication

Authenticates using host URL and auth key to access the API.

Configuration parameters:

| Parameter | Description | Type | Required |
|---|---|---|---|
| url | A URL to the target host | string | required |
| auth_key | The authentication key for accessing the API | string | required |
| verify_ssl | Verify SSL certificate | boolean | optional |
| http_proxy | A proxy to route requests through | string | optional |

## Actions

### Add a comment

Add a comment to a malware sample in MalwareBazaar with the specified data body.

- Endpoint URL: `api/v1/`
- Method: `POST`

Input:

| Argument | Type | Required | Description |
|---|---|---|---|
| data_body | object | required | Response data |
| query | string | required | The query type for the API |
| sha256_hash | string | required | The SHA256 hash of the malware sample to which the comment is added |
| comment | string | required | The comment to be added to the malware sample |

Output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| query_status | string | Status value |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "server": "nginx/1.22.1",
      "date": "Thu, 14 Aug 2025 06:47:50 GMT",
      "content-type": "application/json",
      "content-length": "33",
      "strict-transport-security": "max-age=15768000 ; includeSubDomains, max-age=31536000; includeSubDomains",
      "permissions-policy": "accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-med...",
      "referrer-policy": "strict-origin-when-cross-origin",
      "expect-ct": "enforce, max-age=86400",
      "content-security-policy": "default-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'; object...",
      "cross-origin-embedder-policy": "require-corp; report-to=\"default\"",
      "cross-origin-opener-policy": "same-origin; report-to=\"default\"",
      "cross-origin-resource-policy": "same-site",
      "x-content-type-options": "nosniff",
      "x-frame-options": "SAMEORIGIN",
      "x-xss-protection": "1; mode=block"
    },
    "reason": "OK",
    "json_body": {
      "query_status": "success"
    }
  }
]
```

### Query a malware sample

Checks for a specific malware sample in the MalwareBazaar database using the provided data body.

- Endpoint URL: `api/v1/`
- Method: `POST`

Input:

| Argument | Type | Required | Description |
|---|---|---|---|
| data_body | object | required | Response data |
| query | string | required | The query type for the API |
| hash | string | required | SHA256, MD5 or SHA1 hash of the malware sample you want to query |

Output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| query_status | string | Status value |
| data | array | Response data |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "server": "nginx/1.22.1",
      "date": "Thu, 14 Aug 2025 06:44:30 GMT",
      "content-type": "application/json",
      "transfer-encoding": "chunked",
      "strict-transport-security": "max-age=15768000 ; includeSubDomains, max-age=31536000; includeSubDomains",
      "permissions-policy": "accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-med...",
      "referrer-policy": "strict-origin-when-cross-origin",
      "expect-ct": "enforce, max-age=86400",
      "content-security-policy": "default-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'; object...",
      "cross-origin-embedder-policy": "require-corp; report-to=\"default\"",
      "cross-origin-opener-policy": "same-origin; report-to=\"default\"",
      "cross-origin-resource-policy": "same-site",
      "x-content-type-options": "nosniff",
      "x-frame-options": "SAMEORIGIN",
      "x-xss-protection": "1; mode=block"
    },
    "reason": "OK",
    "json_body": {
      "query_status": "ok",
      "data": []
    }
  }
]
```

### Upload malware samples

Upload malware samples to MalwareBazaar for analysis and community sharing; requires file inputs.

- Endpoint URL: `api/v1/`
- Method: `POST`

Input:

| Argument | Type | Required | Description |
|---|---|---|---|
| file | object | optional | The malware sample you want to upload |
| file | string | optional | Parameter for Upload malware samples |
| file_name | string | optional | Name of the resource |
| anonymous | number | optional | If set to 1, your submission will be anonymous |
| delivery_method | string | optional | Delivery method used to spread this malware sample |
| tags | array | optional | List of tags. Allowed characters are `[a-zA-Z0-9.-_]` |
| references | object | optional | References for this malware sample |
| any_run | array | optional | Parameter for Upload malware samples |
| joe_sandbox | array | optional | Parameter for Upload malware samples |
| malpedia | array | optional | Parameter for Upload malware samples |
| twitter | array | optional | Parameter for Upload malware samples |
| links | array | optional | Parameter for Upload malware samples |
| context | object | optional | Context for this malware sample |
| dropped_by_md5 | array | optional | Parameter for Upload malware samples |
| dropped_by_sha256 | array | optional | Parameter for Upload malware samples |
| dropped_by_malware | array | optional | Parameter for Upload malware samples |
| comment | string | optional | Parameter for Upload malware samples |

Output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| query_status | string | Status value |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "server": "nginx/1.22.1",
      "date": "Tue, 19 Aug 2025 07:46:34 GMT",
      "content-type": "application/json",
      "content-length": "34",
      "strict-transport-security": "max-age=15768000 ; includeSubDomains, max-age=31536000; includeSubDomains",
      "permissions-policy": "accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-med...",
      "referrer-policy": "strict-origin-when-cross-origin",
      "expect-ct": "enforce, max-age=86400",
      "content-security-policy": "default-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'; object...",
      "cross-origin-embedder-policy": "require-corp; report-to=\"default\"",
      "cross-origin-opener-policy": "same-origin; report-to=\"default\"",
      "cross-origin-resource-policy": "same-site",
      "x-content-type-options": "nosniff",
      "x-frame-options": "SAMEORIGIN",
      "x-xss-protection": "1; mode=block"
    },
    "reason": "OK",
    "json_body": {
      "query_status": "inserted"
    }
  }
]
```

## Response headers

| Header | Description | Example |
|---|---|---|
| alt-svc | HTTP response header alt-svc | h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 |
| content-length | The length of the response body in bytes | 34 |
| content-security-policy | HTTP response header content-security-policy | default-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'; object-src 'none' |
| content-type | The media type of the resource | application/json |
| cross-origin-embedder-policy | HTTP response header cross-origin-embedder-policy | require-corp; report-to="default" |
| cross-origin-opener-policy | HTTP response header cross-origin-opener-policy | same-origin; report-to="default" |
| cross-origin-resource-policy | HTTP response header cross-origin-resource-policy | same-site |
| date | The date and time at which the message was originated | Thu, 14 Aug 2025 06:47:50 GMT |
| expect-ct | HTTP response header expect-ct | enforce, max-age=86400 |
| permissions-policy | HTTP response header permissions-policy | accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=() |
| referrer-policy | HTTP response header referrer-policy | strict-origin-when-cross-origin |
| server | Information about the software used by the origin server | nginx/1.22.1 |
| strict-transport-security | HTTP response header strict-transport-security | max-age=15768000 ; includeSubDomains, max-age=31536000; includeSubDomains |
| transfer-encoding | HTTP response header transfer-encoding | chunked |
| via | HTTP response header via | 1.1 google |
| x-content-type-options | HTTP response header x-content-type-options | nosniff |
| x-frame-options | HTTP response header x-frame-options | SAMEORIGIN |
| x-xss-protection | HTTP response header x-xss-protection | 1; mode=block |
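All three actions post a form body to `api/v1/` and report their real result in `query_status`, which must be read separately from the HTTP status code. The following is an added example, not code from the connector or from MalwareBazaar: it builds the data body for each action, validates hashes and tag characters before any call is made, and shapes the reply the way the output tables above describe. The full endpoint URL, the `Auth-Key` header name and the `get_info` / `add_comment` query values come from the linked MalwareBazaar API documentation, not from this page, and the hash and tag values in the comments are constructed.

```python
import json
import re
import urllib.parse
import urllib.request
API_URL = "https://mb-api.abuse.ch/api/v1/"  # assumed full URL; the page lists only "api/v1/"
_DIGEST_KIND = {32: "md5", 40: "sha1", 64: "sha256"}
TAG_RE = re.compile(r"^[A-Za-z0-9._-]+$")  # allowed tag characters listed on the page

def hash_kind(value: str) -> str:
    """Return md5/sha1/sha256 for a hex digest, or raise before a wasted API call."""
    kind = _DIGEST_KIND.get(len(value))
    if kind is None or not re.fullmatch(r"[0-9a-fA-F]+", value):
        raise ValueError("hash must be a 32-, 40- or 64-character hex digest")
    return kind

def query_hash_body(digest: str) -> dict:
    """Data body for 'Query a malware sample' (MD5, SHA1 or SHA256 accepted)."""
    hash_kind(digest)
    return {"query": "get_info", "hash": digest.lower()}

def add_comment_body(sha256: str, comment: str) -> dict:
    """Data body for 'Add a comment'; this action takes a SHA256 hash only."""
    if hash_kind(sha256) != "sha256" or not comment.strip():
        raise ValueError("add_comment needs a SHA256 hash and a non-empty comment")
    return {"query": "add_comment", "sha256_hash": sha256.lower(), "comment": comment}

def upload_metadata(tags: list, anonymous: bool = False, comment: str = "") -> dict:
    """Metadata for 'Upload malware samples'; rejects tags with disallowed characters."""
    bad = [t for t in tags if not TAG_RE.match(t)]
    if bad:
        raise ValueError(f"tags with disallowed characters: {bad}")
    fields = {"tags": tags, "anonymous": 1 if anonymous else 0}
    if comment:
        fields["comment"] = comment
    return fields

def interpret(status_code: int, json_body: str) -> dict:
    """Shape a reply like the connector output; query_status, not the HTTP code, is the verdict."""
    body = json.loads(json_body)  # a 200 with "hash_not_found" is still a miss
    qs = body.get("query_status", "")
    return {"status_code": status_code, "query_status": qs,
            "ok": qs in ("ok", "success", "inserted"), "data": body.get("data", [])}

def post_form(auth_key: str, body: dict, url: str = API_URL) -> dict:
    """Live call: form-encoded POST carrying the auth key in the Auth-Key header."""
    req = urllib.request.Request(url, data=urllib.parse.urlencode(body, doseq=True).encode(),
                                 headers={"Auth-Key": auth_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return interpret(resp.status, resp.read().decode())
```

Wire `post_form(auth_key, query_hash_body(h))` into a playbook step and branch on the returned `ok` flag and `query_status` rather than on `status_code`, since MalwareBazaar answers misses and malformed hashes with a 200.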