MalwareBazaar_MCP

What is MalwareBazaar_MCP?

MalwareBazaar_MCP is an AI-driven MCP (Multi-Cloud Platform) server designed to interact autonomously with Malware Bazaar. Its primary function is to provide real-time threat intelligence and malware sample metadata, catering specifically to authorized cybersecurity research workflows.

How to use MalwareBazaar_MCP?

To use MalwareBazaar_MCP, follow these steps:

1. Create a MalwareBazaar API Key: Obtain an API key from the official Malware Bazaar website.
2. Create a .env file: Configure your API key in a .env file as MALWAREBAZAAR_API_KEY=<APIKEY>.
3. Set up Virtual Environment and Install Requirements:
   • MAC/Linux: Use uv to create a virtual environment, activate it, and install dependencies from requirements.txt.
   • Windows: Similar to MAC/Linux, use uv to set up the environment and install requirements.
4. Add Configuration to MCP Client: Configure the MCP client with the malwarebazaar server details, including the command and arguments to run malwarebazaar_mcp.py.
5. Run MCP Server: Execute uv run malwarebazaar_mcp.py to start the server.
6. Run MCP Client & Query: Interact with the server using the MCP client, for example, by querying for the latest hash from Malware Bazaar.
7. Run Tests (Optional): Use unittest and coverage to run tests and generate coverage reports.

Key Features of MalwareBazaar_MCP

MalwareBazaar_MCP offers the following key features:

• AI-driven Automation: Autonomously interfaces with Malware Bazaar.
• Real-time Threat Intelligence: Provides up-to-the-minute threat information.
• Sample Metadata Delivery: Delivers detailed metadata about malware samples.
• MCP Tools:
  • get_recent: Retrieves up to 10 most recent samples.
  • get_info: Fetches detailed metadata for a specific sample.
  • get_file: Allows downloading of malware samples.
  • get_taginfo: Retrieves samples associated with a specific tag.

Use Cases of MalwareBazaar_MCP

• Cybersecurity Research: Researchers can leverage the tool to quickly access and analyze malware samples and threat intelligence.
• Malware Analysis: Automate the process of obtaining and examining malware details.
• Threat Hunting: Proactively identify and investigate new threats using real-time data.
• Security Operations Centers (SOCs): Integrate into existing workflows for enhanced threat detection and response.

FAQ from MalwareBazaar_MCP

• How do I get a MalwareBazaar API key? You can create one at https://auth.abuse.ch/user/me.
• What is uv? uv is a tool used for Python package management and virtual environment creation, as indicated in the installation steps.
• Can I run this on Windows? Yes, specific instructions are provided for Windows users to set up the virtual environment and run the server.
• How do I query the MCP server? After setting up, you can use the MCP client to send queries, such as "Help me understand the latest hash from Malware Bazaar."
• What kind of information can I get about malware samples? You can get recent samples, detailed metadata, download files, and find samples by specific tags.

MalwareBazaar_MCP

An AI-driven MCP server that autonomously interfaces with Malware Bazaar, delivering real-time threat intel and sample metadata for authorized cybersecurity research workflows.

MCP Tools

get_recent: Get up to 10 most recent samples from MalwareBazaar.

get_info: Get detailed metadata about a specific malware sample.

get_file: Download a malware sample from MalwareBazaar.

get_taginfo: Get malware samples associated with a specific tag.

Step 1: Create a MalwareBazaar APIKEY

https://auth.abuse.ch/user/me

Step 2: Create .env

MALWAREBAZAAR_API_KEY=<APIKEY>

Step 3a: Create Virtual Env & Install Requirements - MAC/Linux

curl -LsSf https://astral.sh/uv/install.sh | sh
cd MalwareBazaar_MCP
uv init .
uv venv
source .venv/bin/activate
uv pip install -r requirements.txt

Step 3b: Create Virtual Env & Install Requirements - Windows

powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"
cd MalwareBazaar_MCP
uv init .
uv venv
.venv\Scripts\activate
uv pip install -r requirements.txt

Step 4a: Add Config to the MCP Client - MAC/Linux

{
    "mcpServers": {
        "malwarebazaar": {
            "description": "Malware Bazaar MCP Server",
            "command": "/Users/XXX/.local/bin/uv",
            "args": [
                "--directory",
                "/Users/XXX/Documents/MalwareBazaar_MCP",
                "run",
                "malwarebazaar_mcp.py"
            ]
        }
    }
}

Step 4b: Add Config to the MCP Client - Windows

{
    "mcpServers": {
        "malwarebazaar": {
            "description": "Malware Bazaar MCP Server",
            "command": "uv",
            "args": [
                "--directory",
                "C:\Users\XXX\Document\MalwareBazaar_MCP",
                "run",
                "malwarebazaar_mcp.py"
            ]
        }
    }
}

Step 5: Run MCP Server

uv run malwarebazaar_mcp.py

Step 6: Run MCP Client & Query

Help me understnad the latest hash from Malware Bazaar.

Step 7: Run Tests

python -m unittest discover -s tests

uv pip install coverage==7.8.0
coverage run --branch -m unittest discover -s tests
coverage report -m
coverage html
open htmlcov/index.html  # MAC
xdg-open htmlcov/index.html  # Linux
start htmlcov\index.html  # Windows
coverage erase

License

Apache License, Version 2.0