MalwareBazaar Feed

This Integration is part of the MalwareBazaar Feed Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Use the MalwareBazaar Feed integration to get the list of malware samples added to MalwareBazaar within the last 60 minutes.

Configure MalwareBazaar Feed on Cortex XSOAR#

Navigate to Settings > Integrations > Servers & Services.
Search for MalwareBazaar Feed.

Click Add instance to create and configure a new integration instance.

Parameter	Description	Required
Server URL		True
Fetch indicators		False
Indicator Reputation	Indicators from this integration instance will be marked with this reputation.	False
Source Reliability	Reliability of the source providing the intelligence data.	True
Traffic Light Protocol Color	The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed.	False
Feed Fetch Interval		False
Bypass exclusion list	When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system.	False
Tags	Supports CSV values.	False
Create relationships		False
Trust any certificate (not secure)		False
Use system proxy settings		False

Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

malwarebazzar-get-indicators#

Gets the feed indicators.

Base Command#

malwarebazzar-get-indicators

Input#

Argument Name	Description	Required
limit	The maximum number of results to return. The default value is 50. Default is 50.	Optional

Context Output#

There is no context output for this command.

Command Example#

!malwarebazzar-get-indicators limit=3

Human Readable Output#

Indicators#
value type rawJSON
2fd9985380a92fa918df25189e1023c27052355dc1c7f8a2d11339be7ddfc7d3 File sha256_hash: 2fd9985380a92fa918df25189e1023c27052355dc1c7f8a2d11339be7ddfc7d3
sha3_384_hash: be865100f4cb963d9dbe6cd10b453cdfc7f5ee7f22975e7c7c8120a9631b797880f58ae842d02761f074429aeb160057
sha1_hash: 4068065df0d806c05b1bd6138bdb32f483c816a2
md5_hash: a76e2cdba762de201e0668178b03bec4
first_seen: 2021-10-04 11:26:00
last_seen: null
file_name: a76e2cdba762de201e0668178b03bec4.exe
file_size: 119016
file_type_mime: application/x-dosexec
file_type: exe
reporter: abuse_ch
origin_country: FR
anonymous: 0
signature: RedLineStealer
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
tlsh: T1BBC33B3553DC8A28EBFE1F75B071120047F0D1CB6512EB5B9EC26CEA5E73B825A512E2
telfhash: null
ssdeep: 1536:5e1zHb1iaNk5mXKSr7y9zjbuRNdsnhuyq/dMV1dbknEjG6qTaoigNK:0S0X7y978snYyOdM9kEW9K
dhash_icon: null
tags: exe,
RedLineStealer
code_sign:
intelligence: {"clamav": null, "downloads": "1", "uploads": "1", "mail": null}
e9dc15fdcf77dd8dde52392b63a79e43e39d85431434198f5103ced790f9034a File sha256_hash: e9dc15fdcf77dd8dde52392b63a79e43e39d85431434198f5103ced790f9034a
sha3_384_hash: 362f8c4a885bacc2158dd1b1f3f96848b982ac94df8e67b930b0dc766369d08bdbb0c97b713a9a561d3f72be4c65f27c
sha1_hash: f59a1e433565255d52720f49ce0f4e52c29b78bf
md5_hash: f0e38ba220616f3b94a5f71712d52817
first_seen: 2021-10-04 11:13:59
last_seen: 2021-10-04 11:14:29
file_name: swift art.pdf.exe
file_size: 422912
file_type_mime: application/x-dosexec
file_type: exe
reporter: cocaman
origin_country: FR
anonymous: 0
signature: AgentTesla
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
tlsh: T1CB94026823A7D314DE3483F43C18A69127FA742B151DD37C5E89E4ED3E52B748AE0A87
telfhash: null
ssdeep: 6144:6Axt05ERQ+3HwO0adBqsB9+U1eqjRISdJOyYge708qlv5/Mf76oAeEHm9E0:iESoZ4C9AWIzJgeCvlY5AeEKh
dhash_icon: null
tags: AgentTesla,
exe,
SWIFT
code_sign:
intelligence: {"clamav": null, "downloads": "30", "uploads": "2", "mail": null}
3e1a48cb4283d83c729670dbdc69d6a8d5290a50bebc621baf7e0a72cd56ffb6 File sha256_hash: 3e1a48cb4283d83c729670dbdc69d6a8d5290a50bebc621baf7e0a72cd56ffb6
sha3_384_hash: 1104c8634247f86d15f3e61faa68d7232f797936e3cf838b21052d4a9ebf52a6a523462e9e1ce3bdb9a13f5e51a5da86
sha1_hash: a5035ff9bd7264431a254a0b973864febfb19c7f
md5_hash: ca13a97b94b0e17f5d863a2290f10931
first_seen: 2021-10-04 11:13:49
last_seen: 2021-10-04 11:14:20
file_name: swift art.pdf.zip
file_size: 372101
file_type_mime: application/zip
file_type: zip
reporter: cocaman
origin_country: US
anonymous: 0
signature: AgentTesla
imphash: null
tlsh: T15A842305488BE237E7433679D60D0A4173D9399B0F15F6FAEC1B9B67AE811108EF49CA
telfhash: null
ssdeep: 6144:aI84xUdNqsB9+U1eq7RUSdROy8g27o8qpv5hM3N6sAIEPmh7hF8:Z84xyUA9gwUNng2avz2ZAImA/8
dhash_icon: null
tags: AgentTesla,
SWIFT,
zip
code_sign:
intelligence: {"clamav": null, "downloads": "25", "uploads": "2", "mail": null}

value	type	rawJSON
2fd9985380a92fa918df25189e1023c27052355dc1c7f8a2d11339be7ddfc7d3	File	sha256_hash: 2fd9985380a92fa918df25189e1023c27052355dc1c7f8a2d11339be7ddfc7d3 sha3_384_hash: be865100f4cb963d9dbe6cd10b453cdfc7f5ee7f22975e7c7c8120a9631b797880f58ae842d02761f074429aeb160057 sha1_hash: 4068065df0d806c05b1bd6138bdb32f483c816a2 md5_hash: a76e2cdba762de201e0668178b03bec4 first_seen: 2021-10-04 11:26:00 last_seen: null file_name: a76e2cdba762de201e0668178b03bec4.exe file_size: 119016 file_type_mime: application/x-dosexec file_type: exe reporter: abuse_ch origin_country: FR anonymous: 0 signature: RedLineStealer imphash: f34d5f2d4577ed6d9ceec516c1f5a744 tlsh: T1BBC33B3553DC8A28EBFE1F75B071120047F0D1CB6512EB5B9EC26CEA5E73B825A512E2 telfhash: null ssdeep: 1536:5e1zHb1iaNk5mXKSr7y9zjbuRNdsnhuyq/dMV1dbknEjG6qTaoigNK:0S0X7y978snYyOdM9kEW9K dhash_icon: null tags: exe, RedLineStealer code_sign: intelligence: {"clamav": null, "downloads": "1", "uploads": "1", "mail": null}
e9dc15fdcf77dd8dde52392b63a79e43e39d85431434198f5103ced790f9034a	File	sha256_hash: e9dc15fdcf77dd8dde52392b63a79e43e39d85431434198f5103ced790f9034a sha3_384_hash: 362f8c4a885bacc2158dd1b1f3f96848b982ac94df8e67b930b0dc766369d08bdbb0c97b713a9a561d3f72be4c65f27c sha1_hash: f59a1e433565255d52720f49ce0f4e52c29b78bf md5_hash: f0e38ba220616f3b94a5f71712d52817 first_seen: 2021-10-04 11:13:59 last_seen: 2021-10-04 11:14:29 file_name: swift art.pdf.exe file_size: 422912 file_type_mime: application/x-dosexec file_type: exe reporter: cocaman origin_country: FR anonymous: 0 signature: AgentTesla imphash: f34d5f2d4577ed6d9ceec516c1f5a744 tlsh: T1CB94026823A7D314DE3483F43C18A69127FA742B151DD37C5E89E4ED3E52B748AE0A87 telfhash: null ssdeep: 6144:6Axt05ERQ+3HwO0adBqsB9+U1eqjRISdJOyYge708qlv5/Mf76oAeEHm9E0:iESoZ4C9AWIzJgeCvlY5AeEKh dhash_icon: null tags: AgentTesla, exe, SWIFT code_sign: intelligence: {"clamav": null, "downloads": "30", "uploads": "2", "mail": null}
3e1a48cb4283d83c729670dbdc69d6a8d5290a50bebc621baf7e0a72cd56ffb6	File	sha256_hash: 3e1a48cb4283d83c729670dbdc69d6a8d5290a50bebc621baf7e0a72cd56ffb6 sha3_384_hash: 1104c8634247f86d15f3e61faa68d7232f797936e3cf838b21052d4a9ebf52a6a523462e9e1ce3bdb9a13f5e51a5da86 sha1_hash: a5035ff9bd7264431a254a0b973864febfb19c7f md5_hash: ca13a97b94b0e17f5d863a2290f10931 first_seen: 2021-10-04 11:13:49 last_seen: 2021-10-04 11:14:20 file_name: swift art.pdf.zip file_size: 372101 file_type_mime: application/zip file_type: zip reporter: cocaman origin_country: US anonymous: 0 signature: AgentTesla imphash: null tlsh: T15A842305488BE237E7433679D60D0A4173D9399B0F15F6FAEC1B9B67AE811108EF49CA telfhash: null ssdeep: 6144:aI84xUdNqsB9+U1eq7RUSdROy8g27o8qpv5hM3N6sAIEPmh7hF8:Z84xyUA9gwUNng2avz2ZAImA/8 dhash_icon: null tags: AgentTesla, SWIFT, zip code_sign: intelligence: {"clamav": null, "downloads": "25", "uploads": "2", "mail": null}