Archivarix · Echo

malware-intel

MalwareBazaar (abuse.ch)

A free malware-sample repository from abuse.ch, holding millions of samples searchable by hash, tag or malware signature. Queries go through its API, which now requires a free abuse.ch Auth-Key (one key covers their related services). Use it when you have a suspicious file's hash and want to know whether it is a catalogued sample — or need the sample itself for analysis.

API key required
Search this archive

Why it’s useful & how it works

2026 CHANGE: now needs a FREE Auth-Key from auth.abuse.ch (was keyless pre-2024; one key covers MalwareBazaar/URLhaus/ThreatFox). POST form, JSON. Reachable both ways.

What’s inside

Millions of samples.

API access

POST https://mb-api.abuse.ch/api/v1/ (query=get_info, hash=); header Auth-Key

An API key is required — usually free; see the endpoints above for where to get one.

Access

Programmatic API access (a key may be required — see the API tag).

Homepage

https://bazaar.abuse.ch/