# MalwareBazaar Feed

This Integration is part of the MalwareBazaar Feed Pack.

#### Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Use the MalwareBazaar Feed integration to get the list of malware samples added to MalwareBazaar within the last 60 minutes.
## Configure MalwareBazaar Feed in Cortex

| **Parameter** | **Description** | **Required** |
| --- | --- | --- |
| Server URL | | True |
| Fetch indicators | | False |
| Indicator Reputation | Indicators from this integration instance will be marked with this reputation. | False |
| Source Reliability | Reliability of the source providing the intelligence data. | True |
| Traffic Light Protocol Color | The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed. | False |
| Feed Fetch Interval | | False |
| Bypass exclusion list | When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system. | False |
| Tags | Supports CSV values. | False |
| Create relationships | | False |
| Trust any certificate (not secure) | | False |
| Use system proxy settings | | False |
## Commands

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

### malwarebazzar-get-indicators

Gets the feed indicators.

#### Base Command

`malwarebazzar-get-indicators`
#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| limit | The maximum number of results to return. Default is 50. | Optional |
#### Context Output

There is no context output for this command.

#### Command Example

```!malwarebazzar-get-indicators limit=3```
#### Human Readable Output

### Indicators

| **value** | **type** | **rawJSON** |
| --- | --- | --- |
| 2fd9985380a92fa918df25189e1023c27052355dc1c7f8a2d11339be7ddfc7d3 | File | sha256_hash: 2fd9985380a92fa918df25189e1023c27052355dc1c7f8a2d11339be7ddfc7d3<br>sha3_384_hash: be865100f4cb963d9dbe6cd10b453cdfc7f5ee7f22975e7c7c8120a9631b797880f58ae842d02761f074429aeb160057<br>sha1_hash: 4068065df0d806c05b1bd6138bdb32f483c816a2<br>md5_hash: a76e2cdba762de201e0668178b03bec4<br>first_seen: 2021-10-04 11:26:00<br>last_seen: null<br>file_name: a76e2cdba762de201e0668178b03bec4.exe<br>file_size: 119016<br>file_type_mime: application/x-dosexec<br>file_type: exe<br>reporter: abuse_ch<br>origin_country: FR<br>anonymous: 0<br>signature: RedLineStealer<br>imphash: f34d5f2d4577ed6d9ceec516c1f5a744<br>tlsh: T1BBC33B3553DC8A28EBFE1F75B071120047F0D1CB6512EB5B9EC26CEA5E73B825A512E2<br>telfhash: null<br>ssdeep: 1536:5e1zHb1iaNk5mXKSr7y9zjbuRNdsnhuyq/dMV1dbknEjG6qTaoigNK:0S0X7y978snYyOdM9kEW9K<br>dhash_icon: null<br>tags: exe, RedLineStealer<br>code_sign:<br>intelligence: {"clamav": null, "downloads": "1", "uploads": "1", "mail": null} |
| e9dc15fdcf77dd8dde52392b63a79e43e39d85431434198f5103ced790f9034a | File | sha256_hash: e9dc15fdcf77dd8dde52392b63a79e43e39d85431434198f5103ced790f9034a<br>sha3_384_hash: 362f8c4a885bacc2158dd1b1f3f96848b982ac94df8e67b930b0dc766369d08bdbb0c97b713a9a561d3f72be4c65f27c<br>sha1_hash: f59a1e433565255d52720f49ce0f4e52c29b78bf<br>md5_hash: f0e38ba220616f3b94a5f71712d52817<br>first_seen: 2021-10-04 11:13:59<br>last_seen: 2021-10-04 11:14:29<br>file_name: swift art.pdf.exe<br>file_size: 422912<br>file_type_mime: application/x-dosexec<br>file_type: exe<br>reporter: cocaman<br>origin_country: FR<br>anonymous: 0<br>signature: AgentTesla<br>imphash: f34d5f2d4577ed6d9ceec516c1f5a744<br>tlsh: T1CB94026823A7D314DE3483F43C18A69127FA742B151DD37C5E89E4ED3E52B748AE0A87<br>telfhash: null<br>ssdeep: 6144:6Axt05ERQ+3HwO0adBqsB9+U1eqjRISdJOyYge708qlv5/Mf76oAeEHm9E0:iESoZ4C9AWIzJgeCvlY5AeEKh<br>dhash_icon: null<br>tags: AgentTesla, exe, SWIFT<br>code_sign:<br>intelligence: {"clamav": null, "downloads": "30", "uploads": "2", "mail": null} |
| 3e1a48cb4283d83c729670dbdc69d6a8d5290a50bebc621baf7e0a72cd56ffb6 | File | sha256_hash: 3e1a48cb4283d83c729670dbdc69d6a8d5290a50bebc621baf7e0a72cd56ffb6<br>sha3_384_hash: 1104c8634247f86d15f3e61faa68d7232f797936e3cf838b21052d4a9ebf52a6a523462e9e1ce3bdb9a13f5e51a5da86<br>sha1_hash: a5035ff9bd7264431a254a0b973864febfb19c7f<br>md5_hash: ca13a97b94b0e17f5d863a2290f10931<br>first_seen: 2021-10-04 11:13:49<br>last_seen: 2021-10-04 11:14:20<br>file_name: swift art.pdf.zip<br>file_size: 372101<br>file_type_mime: application/zip<br>file_type: zip<br>reporter: cocaman<br>origin_country: US<br>anonymous: 0<br>signature: AgentTesla<br>imphash: null<br>tlsh: T15A842305488BE237E7433679D60D0A4173D9399B0F15F6FAEC1B9B67AE811108EF49CA<br>telfhash: null<br>ssdeep: 6144:aI84xUdNqsB9+U1eq7RUSdROy8g27o8qpv5hM3N6sAIEPmh7hF8:Z84xyUA9gwUNng2avz2ZAImA/8<br>dhash_icon: null<br>tags: AgentTesla, SWIFT, zip<br>code_sign:<br>intelligence: {"clamav": null, "downloads": "25", "uploads": "2", "mail": null} |