# MalwareBazaar Feed

This integration is part of the MalwareBazaar Feed Pack.

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Use the MalwareBazaar Feed integration to get the list of malware samples added to MalwareBazaar within the last 60 minutes.

## Configure MalwareBazaar Feed on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for MalwareBazaar Feed.

  3. Click Add instance to create and configure a new integration instance.

    | Parameter | Description | Required |
    | --- | --- | --- |
    | Server URL | | True |
    | Fetch indicators | | False |
    | Indicator Reputation | Indicators from this integration instance will be marked with this reputation. | False |
    | Source Reliability | Reliability of the source providing the intelligence data. | True |
    | Traffic Light Protocol Color | The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed. | False |
    | Feed Fetch Interval | | False |
    | Bypass exclusion list | When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system. | False |
    | Tags | Supports CSV values. | False |
    | Create relationships | | False |
    | Trust any certificate (not secure) | | False |
    | Use system proxy settings | | False |
  4. Click Test to validate the URLs, token, and connection.

## Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

### malwarebazzar-get-indicators

Gets the feed indicators.

#### Base Command

`malwarebazzar-get-indicators`

#### Input

| Argument Name | Description | Required |
| --- | --- | --- |
| limit | The maximum number of results to return. Default is 50. | Optional |

#### Context Output

There is no context output for this command.

#### Command Example

```
!malwarebazzar-get-indicators limit=3
```

#### Human Readable Output

### Indicators

| value | type | rawJSON |
| --- | --- | --- |
| 2fd9985380a92fa918df25189e1023c27052355dc1c7f8a2d11339be7ddfc7d3 | File | sha256_hash: 2fd9985380a92fa918df25189e1023c27052355dc1c7f8a2d11339be7ddfc7d3<br>sha3_384_hash: be865100f4cb963d9dbe6cd10b453cdfc7f5ee7f22975e7c7c8120a9631b797880f58ae842d02761f074429aeb160057<br>sha1_hash: 4068065df0d806c05b1bd6138bdb32f483c816a2<br>md5_hash: a76e2cdba762de201e0668178b03bec4<br>first_seen: 2021-10-04 11:26:00<br>last_seen: null<br>file_name: a76e2cdba762de201e0668178b03bec4.exe<br>file_size: 119016<br>file_type_mime: application/x-dosexec<br>file_type: exe<br>reporter: abuse_ch<br>origin_country: FR<br>anonymous: 0<br>signature: RedLineStealer<br>imphash: f34d5f2d4577ed6d9ceec516c1f5a744<br>tlsh: T1BBC33B3553DC8A28EBFE1F75B071120047F0D1CB6512EB5B9EC26CEA5E73B825A512E2<br>telfhash: null<br>ssdeep: 1536:5e1zHb1iaNk5mXKSr7y9zjbuRNdsnhuyq/dMV1dbknEjG6qTaoigNK:0S0X7y978snYyOdM9kEW9K<br>dhash_icon: null<br>tags: exe, RedLineStealer<br>code_sign:<br>intelligence: {"clamav": null, "downloads": "1", "uploads": "1", "mail": null} |
| e9dc15fdcf77dd8dde52392b63a79e43e39d85431434198f5103ced790f9034a | File | sha256_hash: e9dc15fdcf77dd8dde52392b63a79e43e39d85431434198f5103ced790f9034a<br>sha3_384_hash: 362f8c4a885bacc2158dd1b1f3f96848b982ac94df8e67b930b0dc766369d08bdbb0c97b713a9a561d3f72be4c65f27c<br>sha1_hash: f59a1e433565255d52720f49ce0f4e52c29b78bf<br>md5_hash: f0e38ba220616f3b94a5f71712d52817<br>first_seen: 2021-10-04 11:13:59<br>last_seen: 2021-10-04 11:14:29<br>file_name: swift art.pdf.exe<br>file_size: 422912<br>file_type_mime: application/x-dosexec<br>file_type: exe<br>reporter: cocaman<br>origin_country: FR<br>anonymous: 0<br>signature: AgentTesla<br>imphash: f34d5f2d4577ed6d9ceec516c1f5a744<br>tlsh: T1CB94026823A7D314DE3483F43C18A69127FA742B151DD37C5E89E4ED3E52B748AE0A87<br>telfhash: null<br>ssdeep: 6144:6Axt05ERQ+3HwO0adBqsB9+U1eqjRISdJOyYge708qlv5/Mf76oAeEHm9E0:iESoZ4C9AWIzJgeCvlY5AeEKh<br>dhash_icon: null<br>tags: AgentTesla, exe, SWIFT<br>code_sign:<br>intelligence: {"clamav": null, "downloads": "30", "uploads": "2", "mail": null} |
| 3e1a48cb4283d83c729670dbdc69d6a8d5290a50bebc621baf7e0a72cd56ffb6 | File | sha256_hash: 3e1a48cb4283d83c729670dbdc69d6a8d5290a50bebc621baf7e0a72cd56ffb6<br>sha3_384_hash: 1104c8634247f86d15f3e61faa68d7232f797936e3cf838b21052d4a9ebf52a6a523462e9e1ce3bdb9a13f5e51a5da86<br>sha1_hash: a5035ff9bd7264431a254a0b973864febfb19c7f<br>md5_hash: ca13a97b94b0e17f5d863a2290f10931<br>first_seen: 2021-10-04 11:13:49<br>last_seen: 2021-10-04 11:14:20<br>file_name: swift art.pdf.zip<br>file_size: 372101<br>file_type_mime: application/zip<br>file_type: zip<br>reporter: cocaman<br>origin_country: US<br>anonymous: 0<br>signature: AgentTesla<br>imphash: null<br>tlsh: T15A842305488BE237E7433679D60D0A4173D9399B0F15F6FAEC1B9B67AE811108EF49CA<br>telfhash: null<br>ssdeep: 6144:aI84xUdNqsB9+U1eq7RUSdROy8g27o8qpv5hM3N6sAIEPmh7hF8:Z84xyUA9gwUNng2avz2ZAImA/8<br>dhash_icon: null<br>tags: AgentTesla, SWIFT, zip<br>code_sign:<br>intelligence: {"clamav": null, "downloads": "25", "uploads": "2", "mail": null} |
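The output above shows the shape each feed record has before it becomes a `File` indicator. The following is an added example, not the integration's own code, that performs the same kind of mapping stand-alone: it validates the SHA-256, merges the feed's tags with the instance's `Tags` parameter, applies the configured TLP colour, honours `limit`, and optionally emits a relationship to the malware family named in `signature` (the `Create relationships` option). The function names, the indicator field names (`sha256`, `associatedfilenames`, `trafficlightprotocol`, ...) and the relationship dict shape are assumptions of this example, not calls into CommonServerPython; the sample feed is constructed from two records shown above plus one deliberately malformed record, and no request is made to MalwareBazaar.

```python
"""Added example: normalise MalwareBazaar feed records into XSOAR-style
File indicators. Not the integration's code; helper and field names are
assumptions, and the sample feed below is constructed offline."""
import re
from typing import Any, Dict, List, Optional

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")

# Constructed sample: two records copied from the command output above, plus
# one malformed record (truncated sha256) so the validation path is exercised.
SAMPLE_FEED: List[Dict[str, Any]] = [
    {
        "sha256_hash": "2fd9985380a92fa918df25189e1023c27052355dc1c7f8a2d11339be7ddfc7d3",
        "sha1_hash": "4068065df0d806c05b1bd6138bdb32f483c816a2",
        "md5_hash": "a76e2cdba762de201e0668178b03bec4",
        "first_seen": "2021-10-04 11:26:00",
        "file_name": "a76e2cdba762de201e0668178b03bec4.exe",
        "file_type": "exe",
        "signature": "RedLineStealer",
        "tags": ["exe", "RedLineStealer"],
    },
    {
        "sha256_hash": "e9dc15fdcf77dd8dde52392b63a79e43e39d85431434198f5103ced790f9034a",
        "sha1_hash": "f59a1e433565255d52720f49ce0f4e52c29b78bf",
        "md5_hash": "f0e38ba220616f3b94a5f71712d52817",
        "first_seen": "2021-10-04 11:13:59",
        "file_name": "swift art.pdf.exe",
        "file_type": "exe",
        "signature": "AgentTesla",
        "tags": ["AgentTesla", "exe", "SWIFT"],
    },
    {   # constructed malformed record: the sha256 is truncated and must be skipped
        "sha256_hash": "3e1a48cb4283d83c729670dbdc69d6a8",
        "file_name": "broken.zip",
        "file_type": "zip",
        "tags": ["zip"],
    },
]


def build_indicator(entry: Dict[str, Any], feed_tags: Optional[List[str]] = None,
                    tlp_color: Optional[str] = None,
                    create_relationships: bool = False) -> Optional[Dict[str, Any]]:
    """Map one feed record to an indicator dict; return None if it is unusable."""
    sha256 = str(entry.get("sha256_hash") or "").lower()
    if not SHA256_RE.match(sha256):
        return None  # never create a File indicator from a malformed hash
    # Merge the record's own tags with the instance "Tags" parameter,
    # de-duplicating case-insensitively while keeping first-seen order.
    tags: List[str] = []
    seen = set()
    for tag in list(entry.get("tags") or []) + list(feed_tags or []):
        t = str(tag).strip()
        if t and t.lower() not in seen:
            seen.add(t.lower())
            tags.append(t)
    fields: Dict[str, Any] = {      # assumed XSOAR field names
        "sha256": sha256,
        "sha1": entry.get("sha1_hash"),
        "md5": entry.get("md5_hash"),
        "associatedfilenames": [entry["file_name"]] if entry.get("file_name") else [],
        "filetype": entry.get("file_type"),
        "firstseenbysource": entry.get("first_seen"),
        "malwarefamily": entry.get("signature"),
        "tags": tags,
    }
    if tlp_color:
        fields["trafficlightprotocol"] = tlp_color
    indicator: Dict[str, Any] = {"value": sha256, "type": "File",
                                 "rawJSON": entry, "fields": fields}
    if create_relationships and entry.get("signature"):
        # Illustrative relationship shape (assumption): sample -> malware family.
        indicator["relationships"] = [{
            "name": "indicator-of", "entityA": sha256, "entityAType": "File",
            "entityB": entry["signature"], "entityBType": "Malware",
        }]
    return indicator


def entries_to_indicators(entries: List[Dict[str, Any]], limit: Optional[int] = 50,
                          **kwargs: Any) -> List[Dict[str, Any]]:
    """Apply the command's limit (counted on valid indicators) and skip bad records."""
    out: List[Dict[str, Any]] = []
    for entry in entries:
        if limit is not None and len(out) >= limit:
            break
        ind = build_indicator(entry, **kwargs)
        if ind is not None:
            out.append(ind)
    return out


if __name__ == "__main__":
    for ind in entries_to_indicators(SAMPLE_FEED, feed_tags=["abuse.ch"],
                                     tlp_color="GREEN", create_relationships=True):
        print(ind["type"], ind["value"], ind["fields"]["tags"])
```

Counting `limit` on valid indicators rather than raw records matters when the feed contains entries the mapper rejects; otherwise `limit=3` can silently return fewer indicators than the caller asked for.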