What is Malwarebazaar Mcp

MalwareBazaar_MCP is an AI-driven MCP server that autonomously connects with MalwareBazaar to provide real-time threat intelligence and sample metadata for authorized cybersecurity research workflows.

Use cases

Use cases include querying the latest malware hashes, analyzing malware samples, and integrating threat intelligence into cybersecurity tools and workflows.

How to use

To use MalwareBazaar_MCP, create a MalwareBazaar API key, set up a .env file with your API key, create a virtual environment, install the required packages, configure your MCP client, make the MCP server executable, and then run the MCP server and client to query for threat intelligence.

Key features

Key features include real-time threat intelligence delivery, automated interfacing with MalwareBazaar, and support for authorized cybersecurity research workflows.

Where to use

MalwareBazaar_MCP can be used in cybersecurity research, threat analysis, malware detection, and incident response.

MalwareBazaar_MCP

An AI-driven MCP server that autonomously interfaces with Malware Bazaar, delivering real-time threat intel and sample metadata for authorized cybersecurity research workflows.

MCP Tools

get_recent: Get up to 10 most recent samples from MalwareBazaar.

get_info: Get detailed metadata about a specific malware sample.

get_file: Download a malware sample from MalwareBazaar.

get_taginfo: Get malware samples associated with a specific tag.

Step 1: Create a MalwareBazaar APIKEY

https://auth.abuse.ch/user/me

Step 2: Create .env

MALWAREBAZAAR_API_KEY=<APIKEY>

Step 3a: Create Virtual Env & Install Requirements - MAC/Linux

curl -LsSf https://astral.sh/uv/install.sh | sh
cd MalwareBazaar_MCP
uv init .
uv venv
source .venv/bin/activate
uv pip install -r requirements.txt

Step 3b: Create Virtual Env & Install Requirements - Windows

powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"
cd MalwareBazaar_MCP
uv init .
uv venv
.venv\Scripts\activate
uv pip install -r requirements.txt

Step 4a: Add Config to the MCP Client - MAC/Linux

{
    "mcpServers": {
        "malwarebazaar": {
            "description": "Malware Bazaar MCP Server",
            "command": "/Users/XXX/.local/bin/uv",
            "args": [
                "--directory",
                "/Users/XXX/Documents/MalwareBazaar_MCP",
                "run",
                "malwarebazaar_mcp.py"
            ]
        }
    }
}

Step 4b: Add Config to the MCP Client - Windows

{
    "mcpServers": {
        "malwarebazaar": {
            "description": "Malware Bazaar MCP Server",
            "command": "uv",
            "args": [
                "--directory",
                "C:\Users\XXX\Document\MalwareBazaar_MCP",
                "run",
                "malwarebazaar_mcp.py"
            ]
        }
    }
}

Step 5: Run MCP Server

uv run malwarebazaar_mcp.py

Step 6: Run MCP Client & Query

Help me understnad the latest hash from Malware Bazaar.

Step 7: Run Tests

python -m unittest discover -s tests

uv pip install coverage==7.8.0
coverage run --branch -m unittest discover -s tests
coverage report -m
coverage html
open htmlcov/index.html  # MAC
xdg-open htmlcov/index.html  # Linux
start htmlcov\index.html  # Windows
coverage erase

License

Apache License, Version 2.0