Overview
MalwareBazaar_MCP is an AI-driven MCP server that autonomously interfaces with MalwareBazaar to provide up-to-date threat intelligence and sample metadata for authorized cybersecurity research workflows. It exposes the MCP tools get_recent (returns up to 10 of the most recent samples), get_info (retrieves detailed metadata about a specific sample), get_file (downloads a sample file), and get_taginfo (fetches samples associated with a given tag). The README guides users through obtaining a MalwareBazaar API key, creating a .env file that sets MALWAREBAZAAR_API_KEY, and installing dependencies in a virtual environment on macOS, Linux, and Windows. After setup, users configure the MCP client with a MalwareBazaar server block, run the MCP server (uv run malwarebazaar_mcp.py), and use the MCP client to query data. The project emphasizes authorized use for research workflows, includes testing commands (unittest, coverage), and is licensed under Apache 2.0.
Features
- get_recent: Get up to 10 most recent samples from MalwareBazaar.
- get_info: Get detailed metadata about a specific malware sample.
- get_file: Download a malware sample from MalwareBazaar.
- get_taginfo: Get malware samples associated with a specific tag.
Who Is This For?
- Threat Analysts: Fetch real-time threat intel and malware metadata from MalwareBazaar to support investigations.
- Cybersecurity Researchers: Access up-to-date malware samples and metadata for authorized research workflows.
- Incident Responders: Obtain the latest samples and metadata to inform incident response and remediation.




