Database with malware hashes

[n1d0]

Hi everyone, I'm working on a cybersecurity project, and part of it involves comparing files to malware samples to determine if the scanned file is malware.

Therefore I need a database that contains malware hashes to perform this step.

If anyone knows of a site that contains something similar to what I require, I would appreciate it.

 

[Trident]

Just malware hashes, you must use an API such as bazaar or VT API.

MalwareBazaar | API

API documentation

bazaar.abuse.ch

https://docs.virustotal.com/reference/overview

 tip.kaspersky.com/Help/Doc_data/en-US/ThreatLookupAPI.htm

Some of these APIs are not free, subscriptions are required as threat intelligence, specially when curated and properly checked for FPs is not free.
Many AV vendors offer APIs as well.
The Bazaar API should be free but it is plagued with false positives.
You implement it via HTTP Post request like this:

wget --post-data "query=get_info&hash=7de2c1bf58bce09eecc70476747d88a26163c3d6bb1d85235c24a558d1f16754" https://mb-api.abuse.ch/api/v1/

In addition, the Sophos Sorel collection contains 20 million samples you can use to train ML models, be advised that you will also need a large number of safe files for false positives control.

Discover Sophos’ AI-Native Cybersecurity

Explore Sophos’ innovative AI technologies, combining deep learning, GenAI, and human expertise to deliver unmatched cyber threat protection, through the largest AI-native platform in the industry.

ai.sophos.com

I also found this, that contains more APIs, supposedly open source.

threat-hunting-with-notebooks/Open Source Threat Intel lookup using Requests API.ipynb at master · ashwin-patil/threat-hunting-with-notebooks

Repository with Sample threat hunting notebooks on Security Event Log Data Sources - ashwin-patil/threat-hunting-with-notebooks

github.com

GitHub - jaegeral/security-apis: A collective list of public APIs for use in security. Contributions welcome

A collective list of public APIs for use in security. Contributions welcome - jaegeral/security-apis

github.com

GitHub - keithjjones/cuckoo-api: API for Cuckoo Malware Analysis Sandbox http://www.cuckoosandbox.org

API for Cuckoo Malware Analysis Sandbox http://www.cuckoosandbox.org - keithjjones/cuckoo-api

github.com

 

[B-boy/StyLe/]

Too bad that Malc0de, MDL and clean-mx are no more. But the S!Ri site is still there:

VX Vault

vxvault.net

Edit: I forgot about Malwshare:

MalShare

The MalShare Project is a community driven public malware repository that works to provide free access to malware samples and tooling to the infomation security community.

malshare.com

 

[Kongo]

Too bad that Malc0de, MDL and clean-mx are no more. But the S!Ri site is still there:

VX Vault

vxvault.net

Edit: I forgot about Malwshare:

MalShare

The MalShare Project is a community driven public malware repository that works to provide free access to malware samples and tooling to the infomation security community.

malshare.com

I also used VxVault years ago. But now you need to apply to get access and I don't even know where

 

[n1d0]

Just malware hashes, you must use an API such as bazaar or VT API.

MalwareBazaar | API

API documentation

bazaar.abuse.ch

https://docs.virustotal.com/reference/overview

 tip.kaspersky.com/Help/Doc_data/en-US/ThreatLookupAPI.htm

Some of these APIs are not free, subscriptions are required as threat intelligence, specially when curated and properly checked for FPs is not free.
Many AV vendors offer APIs as well.
The Bazaar API should be free but it is plagued with false positives.
You implement it via HTTP Post request like this:

wget --post-data "query=get_info&hash=7de2c1bf58bce09eecc70476747d88a26163c3d6bb1d85235c24a558d1f16754" https://mb-api.abuse.ch/api/v1/

In addition, the Sophos Sorel collection contains 20 million samples you can use to train ML models, be advised that you will also need a large number of safe files for false positives control.

Discover Sophos’ AI-Native Cybersecurity

Explore Sophos’ innovative AI technologies, combining deep learning, GenAI, and human expertise to deliver unmatched cyber threat protection, through the largest AI-native platform in the industry.

ai.sophos.com

I also found this, that contains more APIs, supposedly open source.

threat-hunting-with-notebooks/Open Source Threat Intel lookup using Requests API.ipynb at master · ashwin-patil/threat-hunting-with-notebooks

Repository with Sample threat hunting notebooks on Security Event Log Data Sources - ashwin-patil/threat-hunting-with-notebooks

github.com

GitHub - jaegeral/security-apis: A collective list of public APIs for use in security. Contributions welcome

A collective list of public APIs for use in security. Contributions welcome - jaegeral/security-apis

github.com

GitHub - keithjjones/cuckoo-api: API for Cuckoo Malware Analysis Sandbox http://www.cuckoosandbox.org

API for Cuckoo Malware Analysis Sandbox http://www.cuckoosandbox.org - keithjjones/cuckoo-api

github.com

Hello, Trident.

The Malware BaaZar website contains the information I am looking for. Thank you very much also for the documentation that you shared, it may be useful to me.

 

[B-boy/StyLe/]

I also used VxVault years ago. But now you need to apply to get access and I don't even know where

That's true. However, the hashes are still visible (and that's what the OP asked for if I am not mistaken).
Also, the VT links are visible as well, and most malware researchers can download malware samples directly from VT.
So VxVault can still be useful.