AbuseCH Malware Bazaar Integration

The creation of an integration for AbuseCH Malware Bazaar would be very useful for Siemplify customers.

AbuseCH Malware Bazaar - https://bazaar.abuse.ch/

Somewhat similar to VirusTotal, the AbuseCH Malware Bazaar is a project to collect and share malware samples. However, it also includes many integrations that help analysts make determinations on the samples/hashes they seek information for. With partners like ReversingLabs, Intezer, Any.Run, UnpacMe, Hatching, JoeSecurity, and others, analysts get a much better picture of what they are analyzing.

Best of all, it is a free service that benefits all of security. You don't even need an API key to query all the information the Malware Bazaar has to offer.

The API (https://bazaar.abuse.ch/api/) has many query types, so you are not limited to just hashes. Query types include: hash, tag, signature, ClamAV signature, imphash, TLSH, telfhash, YARA rule (name), Code Signing Certificate Issuer CN, Code Signing Certificate Subject CN, etc.

Other features include the ability to download the malware sample (for free).

Sample uploads are available as well, but will require a Twitter account.


Comments

  • ShakedTal (Community Team)

    Hi @MNls, you mentioned in this post that you are working on an AbuseCH Malware Bazaar. Just wanted to make sure that you are aware that you can share the integration you created through your environment (I shared a link in my comment in your post on how to do it). Our team will then review it and once it's approved we will publish it to Siemplify's official marketplace as a Community integration. Feel free to contact me if you have any questions.
