@pipeworx/malwarebazaar

Connect: https://gateway.pipeworx.io/malwarebazaar/mcp · Install: one-click buttons

Tools: 5

MalwareBazaar (abuse.ch) MCP — malware sample metadata.

Tools

  • get_sample_info(hash)
  • search_tag(tag, limit?)
  • search_family(family, limit?)
  • search_signature(signature, limit?)
  • recent_samples(selector?)

Auth

  • Platform key: gateway env PLATFORM_ABUSECH_KEY (shared with threatfox).
  • BYO: ?_apiKey=<key> after registering at https://auth.abuse.ch.

Data source

https://mb-api.abuse.ch/api/v1/ — header Auth-Key, POST form-encoded.

Tools

  • get_sample_info — Metadata for a malware sample by hash (md5/sha1/sha256). Returns file type, signature, file_name, first/last seen, tags, family, intel sources.
  • search_tag — Find samples tagged with a string (e.g., “emotet”, “macro”, “exe”).
  • search_family — Find samples for a malware family name.
  • search_signature — Find samples matching a YARA / threat-intel signature.
  • recent_samples — Most recent samples in MalwareBazaar. Use the selector to pick a chunk size.

Tools

  • get_sample_info — Metadata for a malware sample by hash (md5/sha1/sha256). Returns file type, signature, file_name, first/last seen, tags, family, intel sources.
  • recent_samples — Most recent samples in MalwareBazaar. Use the selector to pick a chunk size.
  • search_family — Find samples for a malware family name.
  • search_signature — Find samples matching a YARA / threat-intel signature.
  • search_tag — Find samples tagged with a string (e.g., emotet , macro , exe ).

Regenerated from source · build May 21, 2026