
MalwareBazaar

MalwareBazaar is a project operated by abuse.ch. The purpose of the project is to collect and share malware samples, helping IT-security researchers and threat analysts protect their constituency and customers from cyber threats.

Integrations

MalwareBazaar with Polarity

The Polarity - MalwareBazaar integration enables analysts to quickly search over 600k community-submitted hashes. It helps analysts better understand a hash and gives them immediate awareness that the hash is malware, given its presence in the platform.

Examples

MalwareBazaar Data Overview

  • Summary Tags: When an analyst runs a search in MalwareBazaar, they can quickly tell the file type of the hash.
  • Additional Details: When clicking into the details on the hash, analysts are presented with additional context. They can quickly see the file name, how the file is typically delivered, its file size, and when it was first seen. If analysts need more context, they can pivot back out to MalwareBazaar.
  • Community Comments: Beyond the additional details about the hash, analysts can also see what the community is reporting about it, which provides further insight.
  • Tags: Finally, analysts can quickly see the tags associated with the hash.

Related Resources

Built By Polarity

Playbooks

MalwareBazaar

With this Playbook app, you can automatically detonate, analyze, and submit files in MalwareBazaar from ThreatConnect to understand if they are malicious and return any contextualized telemetry. This all leads to more informed decision-making and more efficient remediation of malicious files through automation.

The following actions are available within the Playbook App:

  • Submit File
  • Get File Enrichment
  • Advanced Request

This app can be found in the ThreatConnect App Catalog under the name: MalwareBazaar


Built By ThreatConnect
