Database with malware hashes

N

n1d0

New Member
Thread author
Apr 3, 2024
2
Hi everyone, I'm working on a cybersecurity project, and part of it involves comparing files to malware samples to determine if the scanned file is malware.

Therefore I need a database that contains malware hashes to perform this step.

If anyone knows of a site that contains something similar to what I require, I would appreciate it.
 
  • Like
Reactions: Jack
Trident

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Just malware hashes, you must use an API such as bazaar or VT API.

MalwareBazaar | API

API documentation
bazaar.abuse.ch bazaar.abuse.ch

Code: 
 tip.kaspersky.com/Help/Doc_data/en-US/ThreatLookupAPI.htm

Some of these APIs are not free, subscriptions are required as threat intelligence, specially when curated and properly checked for FPs is not free.
Many AV vendors offer APIs as well.
The Bazaar API should be free but it is plagued with false positives.
You implement it via HTTP Post request like this:
Code: 
wget --post-data "query=get_info&hash=7de2c1bf58bce09eecc70476747d88a26163c3d6bb1d85235c24a558d1f16754" https://mb-api.abuse.ch/api/v1/

In addition, the Sophos Sorel collection contains 20 million samples you can use to train ML models, be advised that you will also need a large number of safe files for false positives control.
ai.sophos.com

Sophos-ReversingLabs (SOREL) 20 Million sample malware dataset | Sophos AI

The Sophos AI team is excited to announce the release of SOREL-20M (Sophos-ReversingLabs – 20 million) – a production-scale dataset […]
ai.sophos.com ai.sophos.com

I also found this, that contains more APIs, supposedly open source.
github.com

threat-hunting-with-notebooks/Open Source Threat Intel lookup using Requests API.ipynb at master · ashwin-patil/threat-hunting-with-notebooks

Repository with Sample threat hunting notebooks on Security Event Log Data Sources - ashwin-patil/threat-hunting-with-notebooks
github.com github.com
github.com

GitHub - jaegeral/security-apis: A collective list of public APIs for use in security. Contributions welcome

A collective list of public APIs for use in security. Contributions welcome - jaegeral/security-apis
github.com github.com
github.com

GitHub - keithjjones/cuckoo-api: API for Cuckoo Malware Analysis Sandbox http://www.cuckoosandbox.org

API for Cuckoo Malware Analysis Sandbox http://www.cuckoosandbox.org - keithjjones/cuckoo-api
github.com github.com
 
Last edited by a moderator:
  • Like
  • Applause
  • +Reputation
Reactions: Xtwillight, Zartarra, cryogent and 5 others
Kongo

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,585
B-boy/StyLe/ said:
Too bad that Malc0de, MDL and clean-mx are no more. But the S!Ri site is still there:


Edit: I forgot about Malwshare:

MalShare

The MalShare Project is a community driven public malware repository that works to provide free access to malware samples and tooling to the infomation security community.
malshare.com
Click to expand...
I also used VxVault years ago. But now you need to apply to get access and I don't even know where
 
  • Like
Reactions: Trident and B-boy/StyLe/
N

n1d0

New Member
Thread author
Apr 3, 2024
2
Trident said:
Just malware hashes, you must use an API such as bazaar or VT API.

MalwareBazaar | API

API documentation
bazaar.abuse.ch bazaar.abuse.ch
Code: 
 tip.kaspersky.com/Help/Doc_data/en-US/ThreatLookupAPI.htm

Some of these APIs are not free, subscriptions are required as threat intelligence, specially when curated and properly checked for FPs is not free.
Many AV vendors offer APIs as well.
The Bazaar API should be free but it is plagued with false positives.
You implement it via HTTP Post request like this:
Code: 
wget --post-data "query=get_info&hash=7de2c1bf58bce09eecc70476747d88a26163c3d6bb1d85235c24a558d1f16754" https://mb-api.abuse.ch/api/v1/

In addition, the Sophos Sorel collection contains 20 million samples you can use to train ML models, be advised that you will also need a large number of safe files for false positives control.
ai.sophos.com

Sophos-ReversingLabs (SOREL) 20 Million sample malware dataset | Sophos AI

The Sophos AI team is excited to announce the release of SOREL-20M (Sophos-ReversingLabs – 20 million) – a production-scale dataset […]
ai.sophos.com ai.sophos.com

I also found this, that contains more APIs, supposedly open source.
github.com

threat-hunting-with-notebooks/Open Source Threat Intel lookup using Requests API.ipynb at master · ashwin-patil/threat-hunting-with-notebooks

Repository with Sample threat hunting notebooks on Security Event Log Data Sources - ashwin-patil/threat-hunting-with-notebooks
github.com github.com
github.com

GitHub - jaegeral/security-apis: A collective list of public APIs for use in security. Contributions welcome

A collective list of public APIs for use in security. Contributions welcome - jaegeral/security-apis
github.com github.com
github.com

GitHub - keithjjones/cuckoo-api: API for Cuckoo Malware Analysis Sandbox http://www.cuckoosandbox.org

API for Cuckoo Malware Analysis Sandbox http://www.cuckoosandbox.org - keithjjones/cuckoo-api
github.com github.com
Click to expand...

Hello, Trident.

The Malware BaaZar website contains the information I am looking for. Thank you very much also for the documentation that you shared, it may be useful to me.
 
Last edited by a moderator:
  • Like
  • +Reputation
Reactions: Xtwillight, B-boy/StyLe/, cryogent and 2 others
B-boy/StyLe/

B-boy/StyLe/

Level 3
Verified
Well-known
Mar 10, 2023
147
Kongo said:
I also used VxVault years ago. But now you need to apply to get access and I don't even know where
Click to expand...
That's true. However, the hashes are still visible (and that's what the OP asked for if I am not mistaken).
Also, the VT links are visible as well, and most malware researchers can download malware samples directly from VT.
So VxVault can still be useful. :):)
 
  • Like
Reactions: Xtwillight, cryogent, Trident and 1 other person

Similar threads

O
    • Like
    • Wow
Question Scanner find malware hidden in file with several functions?
Replies
25
Views
1,827
General Security Discussions
Oblivion99
O
eroniko
    • +Reputation
    • Like
Serious Discussion Looking for Help with YARA Rules for My Open-Source Antimalware Scanner
Replies
4
Views
414
General Security Discussions
eroniko
eroniko
Adrian Ścibor
    • +Reputation
    • Like
    • Applause
AVLab.pl Summary of the Advanced In-The-Wild Malware Test – September 2024
Replies
4
Views
440
Security Statistics and Reports
simmerskool
simmerskool

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top