Overview
MalwareBazaar is a free platform by abuse.ch where security researchers share malware samples along with metadata like file hashes, tags, and threat actor attribution. You can query samples by hash, download files, and search by malware family or tag. It is a go-to resource for threat intelligence and incident response workflows.
Beginner Tip
The API uses POST requests with a JSON body containing a query field — read the docs at bazaar.abuse.ch/api carefully because the request format differs from typical REST APIs.
Available Data
Example Response
{
  "url": "https://example.com",
  "safe": true,
  "threat_level": "none",
  "categories": [
    "clean"
  ],
  "scan_date": "2025-01-15T10:00:00Z"
}
Field Reference
query_status: Result of the query: ok, no_results, or an error string
data[].sha256_hash: SHA256 hash of the malware sample, used as the primary identifier
data[].file_name: Original filename of the malware sample as submitted
data[].file_type: Detected file type such as exe, dll, or docm
data[].tags: Researcher-applied tags identifying malware family or behavior, e.g. ransomware, emotet
data[].first_seen: ISO 8601 timestamp when the sample was first submitted to MalwareBazaar
Implementation Example
// ⚠️ Note: This URL may be a documentation page. Check official docs for actual API endpoint.
const url = "https://bazaar.abuse.ch/api/";
// Replace headers or query params with the values required by this API.
const response = await fetch(url, {
  headers: {
    "X-API-Key": "YOUR_API_KEY"
  }
});
if (!response.ok) throw new Error(`Request failed: ${response.status}`);
const data = await response.json();
console.log(data);
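Handling the fields listed under Field Reference defensively, as an added example that is not part of the original page or the MalwareBazaar documentation. The names parseBazaarResponse, cleanText and SAMPLE are hypothetical, the sample response is constructed, and first_seen is assumed to be ISO 8601 as the Field Reference states.

```javascript
// Added example: defensive handling of a MalwareBazaar-style response.
// Field names come from the Field Reference; the sample data is constructed.
const SHA256_RE = /^[0-9a-f]{64}$/i;

// Strip control characters and cap length: file names and tags are
// submitter-controlled strings that may end up in logs, tickets or a UI.
function cleanText(value, maxLen = 255) {
  if (typeof value !== "string") return null;
  return value.replace(/[\u0000-\u001f\u007f]/g, "").slice(0, maxLen);
}

function parseBazaarResponse(body) {
  if (body === null || typeof body !== "object" || typeof body.query_status !== "string") {
    throw new TypeError("response has no query_status");
  }
  if (body.query_status === "no_results") return { status: "no_results", samples: [], rejected: 0 };
  if (body.query_status !== "ok") {
    // Anything else is an error string; surface it instead of reading data.
    throw new Error(`MalwareBazaar query failed: ${cleanText(body.query_status, 64)}`);
  }
  const rows = Array.isArray(body.data) ? body.data : [];
  const samples = [];
  let rejected = 0;
  for (const row of rows) {
    const hash = row && typeof row.sha256_hash === "string" ? row.sha256_hash.toLowerCase() : "";
    const seen = row ? Date.parse(row.first_seen) : NaN;
    if (!SHA256_RE.test(hash) || Number.isNaN(seen)) { rejected++; continue; }
    samples.push({
      sha256: hash,
      fileName: cleanText(row.file_name),
      fileType: cleanText(row.file_type, 32),
      tags: (Array.isArray(row.tags) ? row.tags : []).map((t) => cleanText(t, 64)).filter(Boolean),
      firstSeen: new Date(seen).toISOString(),
    });
  }
  return { status: "ok", samples, rejected };
}

// Constructed sample (not real MalwareBazaar output): one valid row, one bad hash.
const SAMPLE = {
  query_status: "ok",
  data: [
    { sha256_hash: "A".repeat(64), file_name: "invoice\r\n.docm", file_type: "docm",
      tags: ["emotet", 7], first_seen: "2025-01-15T10:00:00Z" },
    { sha256_hash: "not-a-hash", file_name: "x.exe", file_type: "exe",
      tags: null, first_seen: "2025-01-15T10:00:00Z" },
  ],
};
console.log(parseBazaarResponse(SAMPLE));
```

Rows that fail validation are counted in rejected rather than silently dropped, so a caller can alert when an upstream response stops matching the expected shape.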
Note: These code examples are AI-generated and unverified. Always refer to the official API documentation for accurate usage.
Matrix Score Breakdown
Partially tested on Apr 5, 2026
Similar APIs
AbuseIPDB
AbuseIPDB lets you check whether an IP address has been reported for malicious activity like spam, hacking, or DDoS attacks.
AlienVault Open Threat Exchange (OTX)
AlienVault Open Threat Exchange (OTX) provides programmatic access to IP/domain/URL reputation via REST API.
CAPEsandbox
CAPEsandbox is an open-source malware analysis platform that executes suspicious files in an isolated environment and reports on their behavior.
Google Safe Browsing
Google Safe Browsing lets you check any URL against Google's constantly updated lists of phishing sites, malware distributors, and unwanted software.
MalDatabase
MalDatabase provides programmatic access to malware datasets and threat intelligence feeds via REST API.