Frequently Asked Questions (FAQ)

Got a question? Hopefully, you’ll find the answer here! If not, please contact us using the contact form below, managed by our partner, Spamhaus:

What impact does the MalwareBazaar data have? What's the difference to VirusTotal? What formats is the MalwareBazaar data available in? What kind of files should I upload to MalwareBazaar? Code Signing Certificate Blocklist (CSCB) Can I use data from MalwareBazaar commercially? Terms of Services (ToS)

What impact does the MalwareBazaar data have?


So far, over 851'206 confirmed malware samples have been shared on the MalwareBazaar platform. With this intelligence, as a community, we have:

Your data is also contributing to the effectiveness and impact of Spamhaus’ datasets to enhance email and network protection while providing more context-rich data for threat hunting.

Read more about the impact of your contributions here.

What's the difference to VirusTotal?


One of the first questions that propably comes to your mind is: What's the difference between MalwareBazaar and Virustotal? VirusTotal is a great resource for threat intel and hunting malware. Unlike MalwareBazaar, VirusTotal is also a multi anti-virus scanner that allows you to asses whether a certain file is malicious or benign. However, VirusTotal has a handful limitations:

MalwareBazaar follows a different approach:

What formats is the MalwareBazaar data available in?


You can access malware samples from MalwareBazaar through several methods:

Spamhaus datasets that leverage data from MalwareBazaar:

What files should I upload to MalwareBazaar?


Before you start to submit malware samples to MalwareBazaar, please read the following submission policy:

Note: Should you repeatedly violate the submission policy documented above, your account may get banned from contributing to MalwareBazaar.

Code Signing Certificate Blocklist (CSCB)


MalwareBazaar maintains a list of code signing certificates used by threat actors to sign malware. Code signing certificates are dumped by ReversingLabs A1000 Malware Analysis Platform and manually vetted by abuse.ch. The CSCB is being generated every 5 minutes and availabe in CSV format. It can be downloaded here:

Can I use data from MalwareBazaar commercially?


Yes! You can use any data provided by MalwareBazaar for commercial and non-commercial purpose - for free. This includes reselling or ingeration into commercial products. However, I kindly ask you to have a quick look at the (very short) Terms of Services (ToS) at the end of this FAQ.

Download limit on the file download API


MalwareBazaar runs on Google Cloud infrastructure. Sadly, network egress traffic from Google Cloud is extremely expensive. We therefore had to restrict the number of file downloads on our file download API to 2,000 per IP address/day. For bulk downloads we recommend you to use the hourly and daily file exports of MalwareBazaar served by our datalake:

Should you have valid reasons to download more than 2,000 malware samples through the file download API per day, feel free to reach out to us using the Spamhaus Technology contact form:
https://www.spamhaus.com/#contact-form

Terms of Services (ToS)


By using the website of MalwareBazaar or any of it's services / datasets, you agree that: