msticpy.context.tiproviders.mblookup module
MalwareBazaar TI Provider.
- class msticpy.context.tiproviders.mblookup.MBEntityType(value)
Bases: Enum
MBEntityType: Enum class for MalwareBazaar entity types.
- CLAMAV = 'clamav'
- CODESIGNISSUER = 'issuerinfo'
- CODESIGNSN = 'certificate'
- CODESIGNSUBJECT = 'subjectinfo'
- DHASH = 'dhash'
- FILETYPE = 'filetype'
- GIMPHASH = 'gimphash'
- HASH = 'hash'
- IMPHASH = 'imphash'
- SIGNATURE = 'signature'
- TAG = 'tag'
- TELFHASH = 'telfhash'
- TLSH = 'tlsh'
- YARA = 'yara'
- class msticpy.context.tiproviders.mblookup.MBlookup(mb_key: str | None = None)
Bases: object
MBlookup Python Class wrapper for MalwareBazaar API.
Init function to get the API key if necessary.
- get_recent(selector: str) → DataFrame
Get the recent MB additions.
- Parameters:
selector (str) – Get the latest sample from the last 60 min.
- Returns:
The results of the latest addition.
- Return type:
pd.DataFrame
- lookup_ioc(observable: str, mb_type: str, limit: int = 10) → DataFrame
Look up an IOC in MalwareBazaar.
- Parameters:
observable (str) – The observable to lookup. It can be a hash, a signature
mb_type (str) – The type of the observable. It can be a hash, a signature (refer to MBEntityType).
limit (int, optional) – The number of results to return, default is 100 or 50 in some cases, by default 10
- Returns:
The results of the lookup.
- Return type:
pd.DataFrame
- Raises:
KeyError – If an invalid IoC type is provided.
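An added example, not part of msticpy or its documentation: it checks a triage list against the mb_type values listed for MBEntityType before calling lookup_ioc, so entries that would raise KeyError, or that are not hashes at all, are set aside instead of being sent to the external service. The names `MB_TYPES`, `HEX_DIGEST`, `prepare` and `bulk_lookup` are hypothetical, and the rule that a "hash" observable is an MD5, SHA-1 or SHA-256 hex digest is an assumption.

```python
import re

# mb_type strings copied from the MBEntityType values listed on this page.
MB_TYPES = {
    "clamav", "issuerinfo", "certificate", "subjectinfo", "dhash", "filetype",
    "gimphash", "hash", "imphash", "signature", "tag", "telfhash", "tlsh", "yara",
}
# Assumption (not from this page): a "hash" observable is an MD5, SHA-1 or
# SHA-256 hex digest, so anything else is rejected before it leaves the host.
HEX_DIGEST = re.compile(r"(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})")


def prepare(observable, mb_type):
    """Normalise one (observable, mb_type) pair or raise KeyError/ValueError."""
    observable, mb_type = observable.strip(), mb_type.strip().lower()
    if mb_type not in MB_TYPES:
        raise KeyError(f"unknown mb_type {mb_type!r}")
    if mb_type == "hash":
        observable = observable.lower()
        if not HEX_DIGEST.fullmatch(observable):
            raise ValueError("not an MD5/SHA-1/SHA-256 hex digest")
    if not observable:
        raise ValueError("empty observable")
    return observable, mb_type


def bulk_lookup(client, items, limit=10):
    """Query each valid item via client.lookup_ioc; return (results, rejected)."""
    results, rejected = {}, []
    for observable, mb_type in items:
        try:
            key = prepare(observable, mb_type)
        except (KeyError, ValueError) as err:
            rejected.append((observable, mb_type, str(err)))
            continue
        results[key] = client.lookup_ioc(observable=key[0], mb_type=key[1], limit=limit)
    return results, rejected


if __name__ == "__main__":
    from msticpy.context.tiproviders.mblookup import MBlookup

    triage = [("0" * 64, "hash"), ("report.docx", "hash"), ("x", "sha256")]  # constructed
    found, skipped = bulk_lookup(MBlookup(), triage)
    for obs, typ, why in skipped:
        print(f"skipped {typ}:{obs} ({why})")
    for key, frame in found.items():
        print(key, len(frame))
```

Any object with a `lookup_ioc(observable, mb_type, limit)` method can be passed as `client`, which keeps the validation testable without network access or an API key.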