MalwareBazaar_MCP

This MCP server provides an AI-driven interface to Malware Bazaar, delivering real-time threat intel and sample metadata for authorized cybersecurity research workflows. It exposes tools to fetch recent samples, retrieve detailed metadata for a given sample, download sample files, and query samples by tag. The server is designed to run as a local service that your MCP client can query, enabling automated threat intelligence collection and analysis without manual browsing. To use it, configure your MCP client to point at this server and ensure the MALWAREBAZAAR_API_KEY is set in the environment so the server can authenticate with Malware Bazaar. Once running, you can call the tools to programmatically obtain the latest samples, investigate specific hashes, retrieve sample files, or search by tag information. The workflow supports integration into larger SOC automation, threat research notebooks, or incident response pipelines.

Prerequisites:

• Python 3.8+ installed on your system
• Access to Malware Bazaar API and an API key
• The MalwareBazaar_MCP repository checked out locally

Step-by-step:

1. Create and activate a Python environment (optional but recommended):
   • python -m venv .venv
   • source .venv/bin/activate # mac/linux
   • .venv\Scripts\activate # Windows
2. Install required Python dependencies:
   • pip install -r requirements.txt
3. Create an API key for Malware Bazaar and save it for the MCP server:
   • Obtain ключ from Malware Bazaar portal (as described in the README) and set it in the environment: MALWAREBAZAAR_API_KEY=<APIKEY>
4. Configure the MCP client to point to this server (see Step 4 in README):
   • For Linux/macOS: include the following in your MCP client config: { "mcpServers": { "malwarebazaar": { "description": "Malware Bazaar MCP Server", "command": "/path/to/python", "args": ["malwarebazaar_mcp.py"] } } }
   • For Windows: similar configuration using the appropriate python executable path
5. Run the MCP server:
   • python malwarebazaar_mcp.py
6. Test using the MCP client to query for recent samples or specific hashes as shown in the README examples.

Environment variable MALWAREBAZAAR_API_KEY is required for authenticating with Malware Bazaar. Ensure you keep the API key secure and do not commit it to version control. If you encounter authentication or rate-limit issues, verify the API key is active and has the necessary permissions. The MCP tools available are: get_recent (up to 10 of the most recent samples), get_info (metadata for a sample), get_file (download a sample file), and get_taginfo (samples associated with a tag). When downloading samples, ensure you have proper authorization and follow your organization's data handling policies.