# Malware Bazaar Lookup with MSTICpy

Author: Thomas Roccia | @fr0gger_

This notebook demonstrates the usage of the MalwareBazaar module for threat enrichment. 

More details can be found here: https://bazaar.abuse.ch/api/

In [1]:
```python
# Import MBlookup from MSTICpy
from msticpy.context.tiproviders.mblookup import MBlookup

# Use the MBlookup class to get more details about the IOC.
mblookup = MBlookup()
```

## Lookup IOC
The lookup_ioc function can be used to request several kinds of element from Malware Bazaar. It doesn't require any API key.

To use the function you must specify the observable and the Malware Bazaar type.

The available types are the following:

* 'hash': the sha256 hash of your sample (nb: the module does not calculate the hash automatically)
* 'tag': the tag used on Malware Bazaar to retrieve a set of specific samples. You can set 'limit' (default is 50).
* 'filetype': the type of files you want to retrieve. Limit is 50 by default.
* 'clamav': the ClamAV signature that matches the samples you want to retrieve.
* 'imphash': the imphash of files you want to retrieve.
* 'dhash': the icon hash that matches the samples you want to retrieve.
* 'yara': the Yara rule that matches the samples. 
* 'tlsh': the tlsh that matches the samples.
* 'telfhash': the Telfhash that matches the samples.
* 'issuerinfo': the certificate issuer that is used in the matching samples. 
* 'subjectinfo': the certificate subject that is used by the samples.
* 'certificate': the serial number of the certificate.


All of these types must be specified in the mb_type parameter along with your IOC. Each lookup returns a pandas DataFrame. The examples below show how to use the module.


### Single Hash

In [2]:
```python
mbdetail = mblookup.lookup_ioc(observable='7de2c1bf58bce09eecc70476747d88a26163c3d6bb1d85235c24a558d1f16754', mb_type='hash')
display(mbdetail)
```

Unnamed: 0,sha256_hash,sha3_384_hash,sha1_hash,md5_hash,first_seen,last_seen,file_name,file_size,file_type_mime,file_type,...,vendor_intel.Triage.signatures,vendor_intel.Triage.malware_config,vendor_intel.ReversingLabs.threat_name,vendor_intel.ReversingLabs.status,vendor_intel.ReversingLabs.first_seen,vendor_intel.ReversingLabs.scanner_count,vendor_intel.ReversingLabs.scanner_match,vendor_intel.ReversingLabs.scanner_percent,vendor_intel.Spamhaus_HBL,vendor_intel.UnpacMe
0,7de2c1bf58bce09eecc70476747d88a26163c3d6bb1d85...,139b8890e573e4c759e4904902b3ece1b4b8c1fd7a49fc...,77543bde72105ae1a28cc71815d9ea89ea162052,c40aead7a31d14e05b2ee4a11849eced,2020-10-19 09:54:37,,New Order POA12990120 From Akweni Group.exe,903680,application/x-dosexec,exe,...,"[{'signature': 'Azorult', 'score': '10'}, {'si...","[{'extraction': 'c2', 'family': 'azorult', 'c2...",ByteCode-MSIL.Trojan.AgentTesla,MALICIOUS,2020-10-19 05:14:13,28,23,82.14,"[{'detection': 'malicious', 'link': 'https://w...",[{'sha256_hash': '7de2c1bf58bce09eecc70476747d...
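
The 'hash' type expects a SHA-256 that you compute yourself, so a local file has to be hashed before it can be looked up. The following is an added example, not part of the original notebook or of MSTICpy: `sha256_file`, `check_observable`, `lookup_file` and the offline `RecordingLookup` stand-in are hypothetical helpers, and the format patterns are assumptions based on the observables used in this notebook.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Expected shape of the fixed-format observables, keyed by mb_type.
# Assumption: patterns are derived from the values used in this notebook,
# they are not rules taken from MSTICpy or the Malware Bazaar API.
HEX_PATTERNS = {
    "hash": re.compile(r"[0-9a-f]{64}"),         # SHA-256
    "imphash": re.compile(r"[0-9a-f]{32}"),      # MD5-sized import hash
    "dhash": re.compile(r"[0-9a-f]{16}"),        # 64-bit icon dhash
    "tlsh": re.compile(r"(?:t1)?[0-9a-f]{70}"),  # with or without "T1" prefix
}


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large samples are never read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_observable(observable, mb_type):
    """Return the stripped observable, or raise ValueError if it cannot match mb_type.

    Catches mistakes such as passing an MD5 with mb_type='hash' before
    anything is sent to the external service.
    """
    value = observable.strip()
    if not value:
        raise ValueError("empty observable")
    pattern = HEX_PATTERNS.get(mb_type)
    if pattern is None:
        return value  # free-text type (tag, filetype, clamav, yara, ...)
    if not pattern.fullmatch(value.lower()):
        raise ValueError(f"{value!r} does not look like a {mb_type!r} observable")
    return value


def lookup_file(mblookup, path):
    """Hash a local file and query it with mb_type='hash'.

    `mblookup` is any object exposing lookup_ioc(observable=..., mb_type=...),
    for example the MBlookup instance created at the top of this notebook.
    """
    digest = check_observable(sha256_file(path), "hash")
    return mblookup.lookup_ioc(observable=digest, mb_type="hash")


class RecordingLookup:
    """Offline stand-in for MBlookup: records the query instead of sending it."""

    def __init__(self):
        self.calls = []

    def lookup_ioc(self, observable, mb_type, **kwargs):
        self.calls.append((observable, mb_type))
        return None


def demo():
    """Run lookup_file against the stand-in with a constructed, harmless file."""
    stub = RecordingLookup()
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "sample.bin"
        sample.write_bytes(b"constructed test bytes, not a real sample")
        lookup_file(stub, sample)
    return stub.calls


if __name__ == "__main__":
    print(demo())
```

In the notebook, pass the real `mblookup` object to `lookup_file` in place of the stand-in.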


### Latest samples that are tagged 'Trickbot'

In [3]:
```python
mbdetail = mblookup.lookup_ioc(observable='trickbot', mb_type='tag', limit=10)
display(mbdetail)
```

Unnamed: 0,sha256_hash,sha3_384_hash,sha1_hash,md5_hash,first_seen,last_seen,file_name,file_size,file_type_mime,file_type,...,tlsh,telfhash,ssdeep,dhash_icon,tags,code_sign,intelligence.clamav,intelligence.downloads,intelligence.uploads,intelligence.mail


### Latest executable samples

In [4]:
```python
mbdetail = mblookup.lookup_ioc(observable='exe', mb_type='filetype', limit=10)
display(mbdetail)
```

Unnamed: 0,sha256_hash,sha3_384_hash,sha1_hash,md5_hash,first_seen,last_seen,file_name,file_size,file_type_mime,file_type,...,imphash,tlsh,telfhash,ssdeep,dhash_icon,tags,intelligence.clamav,intelligence.downloads,intelligence.uploads,intelligence.mail


### Latest samples that match the ClamAV signature "Doc.Downloader.Emotet-7580152-0"

In [6]:
```python
mbdetail = mblookup.lookup_ioc(observable="Doc.Downloader.Emotet-7580152-0", mb_type='clamav', limit=10)
display(mbdetail)
```

Unnamed: 0,sha256_hash,sha3_384_hash,sha1_hash,md5_hash,first_seen,last_seen,file_name,file_size,file_type_mime,file_type,...,tlsh,telfhash,ssdeep,dhash_icon,tags,code_sign,intelligence.clamav,intelligence.downloads,intelligence.uploads,intelligence.mail


### Retrieve the latest samples that match the specified imphash

In [8]:
```python
mbdetail = mblookup.lookup_ioc(observable="45d579faec0eaf279c0841b2233727cf", mb_type='imphash', limit=10)
display(mbdetail)
```

Unnamed: 0,sha256_hash,sha3_384_hash,sha1_hash,md5_hash,first_seen,last_seen,file_name,file_size,file_type_mime,file_type,...,telfhash,ssdeep,dhash_icon,tags,intelligence.clamav,intelligence.downloads,intelligence.uploads,intelligence.mail.Generic,intelligence.mail.IT,intelligence.mail.CH


### Retrieve the latest samples that match the specified icon dhash

In [9]:
```python
mbdetail = mblookup.lookup_ioc(observable="48b9b2b0e8c18c90", mb_type='dhash', limit=10)
display(mbdetail)
```

Unnamed: 0,sha256_hash,sha3_384_hash,sha1_hash,md5_hash,first_seen,last_seen,file_name,file_size,file_type_mime,file_type,...,imphash,tlsh,telfhash,ssdeep,dhash_icon,tags,intelligence.clamav,intelligence.downloads,intelligence.uploads,intelligence.mail


### Retrieve the latest samples that match the specified Yara rule

In [10]:
```python
mbdetail = mblookup.lookup_ioc(observable="win_remcos_g0", mb_type='yara', limit=10)
display(mbdetail)
```

Unnamed: 0,sha256_hash,sha3_384_hash,sha1_hash,md5_hash,first_seen,last_seen,file_name,file_size,file_type_mime,file_type,...,tlsh,telfhash,ssdeep,dhash_icon,tags,code_sign,intelligence.clamav,intelligence.downloads,intelligence.uploads,intelligence.mail


### Retrieve the latest samples that match the specified TLSH

In [13]:
```python
mbdetail = mblookup.lookup_ioc(observable="4FB44AC6A19643BBEE8766FF358AC55DBC13D91C1B4DB4FBC789AA020A31B05ED12350", mb_type='tlsh', limit=10)
display(mbdetail)
```

Unnamed: 0,sha256_hash,sha3_384_hash,sha1_hash,md5_hash,first_seen,last_seen,file_name,file_size,file_type_mime,file_type,...,imphash,tlsh,telfhash,ssdeep,dhash_icon,tags,intelligence.clamav,intelligence.downloads,intelligence.uploads,intelligence.mail


### Retrieve the latest samples that match the specified Telfhash

In [15]:
mbdetail = mblookup.lookup_ioc(observable="ea2106f51e7e58d9b7e4a400c29b5f623d5df13b299037a00463e93033abe466069c7a", mb_type='telfhash', limit=10)
display(mbdetail)

Unnamed: 0,sha256_hash,sha3_384_hash,sha1_hash,md5_hash,first_seen,last_seen,file_name,file_size,file_type_mime,file_type,...,imphash,tlsh,telfhash,ssdeep,dhash_icon,tags,intelligence.clamav,intelligence.downloads,intelligence.uploads,intelligence.mail


### Retrieve the latest samples that match the specified Certificate Issuer Info

In [22]:
mbdetail = mblookup.lookup_ioc(observable="Sectigo RSA Code Signing CA", mb_type='issuerinfo')
display(mbdetail)

Unnamed: 0,sha256_hash,sha3_384_hash,sha1_hash,md5_hash,first_seen,last_seen,file_name,file_size,file_type_mime,file_type,reporter,anonymous,signature,imphash,tlsh,telfhash,ssdeep,dhash_icon,tags,code_sign


### Retrieve the latest samples that match the specified Certificate Subject Info

In [23]:
mbdetail = mblookup.lookup_ioc(observable="Ekitai Data Inc.", mb_type='subjectinfo')
display(mbdetail)

Unnamed: 0,sha256_hash,sha3_384_hash,sha1_hash,md5_hash,first_seen,last_seen,file_name,file_size,file_type_mime,file_type,reporter,anonymous,signature,imphash,tlsh,telfhash,ssdeep,dhash_icon,tags,code_sign


### Retrieve the latest samples that match the specified Certificate Serial Number

In [24]:
mbdetail = mblookup.lookup_ioc(observable="51CD5393514F7ACE2B407C3DBFB09D8D", mb_type='certificate')
display(mbdetail)

Unnamed: 0,sha256_hash,sha3_384_hash,sha1_hash,md5_hash,first_seen,last_seen,file_name,file_size,file_type_mime,file_type,reporter,anonymous,signature,imphash,tlsh,telfhash,ssdeep,dhash_icon,tags,code_sign
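The three certificate lookups above return a `code_sign` column holding a list of certificate dicts per sample. The following added example (not part of the original notebook or of MSTICpy) groups such rows by signer, folds family-name case variants such as `Quakbot`/`QuakBot` together, and flags signers whose serial appears in a supplied list of known-bad serials. The `serial_number` key, the blocklist passed as plain strings, and all sample rows are assumptions constructed for illustration; with real results, pass `mbdetail.to_dict("records")` as `records`.

```python
"""Pivot MalwareBazaar lookup rows by code-signing certificate (added example)."""


def normalize_serial(serial):
    """Return a canonical serial: upper-case hex, no '0x', separators or leading zeros.

    Tools print the same serial as '00:AB:CD', 'abcd' or '0xABCD'; comparing the
    raw strings would miss matches.
    """
    if not isinstance(serial, str):
        return ""
    text = serial.strip()
    if text[:2].lower() == "0x":
        text = text[2:]
    text = text.replace(":", "").replace(" ", "").replace("-", "").upper()
    if not text or any(ch not in "0123456789ABCDEF" for ch in text):
        return ""
    return text.lstrip("0") or "0"


def signer_summary(records, blocklisted_serials=()):
    """Group lookup rows by (subject_cn, issuer_cn) and report what each signer signed."""
    blocked = {normalize_serial(s) for s in blocklisted_serials} - {""}
    signers = {}
    for row in records:
        certs = row.get("code_sign")
        if not isinstance(certs, list):  # unsigned sample: missing value or NaN
            continue
        family = row.get("signature")
        for cert in certs:
            if not isinstance(cert, dict):
                continue
            key = (cert.get("subject_cn") or "?", cert.get("issuer_cn") or "?")
            entry = signers.setdefault(
                key, {"samples": set(), "families": set(), "serials": set()}
            )
            entry["samples"].add(row.get("sha256_hash"))
            if isinstance(family, str) and family:
                entry["families"].add(family.casefold())
            # 'serial_number' is an assumed key name for the certificate serial.
            serial = normalize_serial(cert.get("serial_number"))
            if serial:
                entry["serials"].add(serial)
    report = [
        {
            "subject_cn": subject,
            "issuer_cn": issuer,
            "sample_count": len(entry["samples"]),
            "families": sorted(entry["families"]),
            "serials": sorted(entry["serials"]),
            "blocklisted": bool(entry["serials"] & blocked),
        }
        for (subject, issuer), entry in signers.items()
    ]
    report.sort(key=lambda r: (-r["sample_count"], r["subject_cn"]))
    return report


# Constructed rows shaped like a lookup result; hashes, names and serials are placeholders.
_CA = "Example Code Signing CA"
SAMPLE_ROWS = [
    {"sha256_hash": "a" * 64, "signature": "QuakBot", "code_sign": [
        {"subject_cn": "Example Signer A", "issuer_cn": _CA, "serial_number": "00:AB:CD:01"}]},
    {"sha256_hash": "b" * 64, "signature": "Quakbot", "code_sign": [
        {"subject_cn": "Example Signer A", "issuer_cn": _CA, "serial_number": "abcd01"}]},
    {"sha256_hash": "c" * 64, "signature": None, "code_sign": [
        {"subject_cn": "Example Signer B", "issuer_cn": _CA, "serial_number": "0x0F00"}]},
    {"sha256_hash": "d" * 64, "signature": "Dridex", "code_sign": []},
    {"sha256_hash": "e" * 64, "signature": "Dridex", "code_sign": float("nan")},
]
SAMPLE_BLOCKLIST = ["ABCD01"]  # constructed known-bad serial

if __name__ == "__main__":
    for line in signer_summary(SAMPLE_ROWS, SAMPLE_BLOCKLIST):
        print(line)
```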


## Get Recently Added Samples

It is possible to retrieve the recent samples added to the Malware Bazaar database by using the function get_recent(). 

This function takes a 'selector' parameter that can be:
* 'time': to retrieve the samples added in the last 60 minutes
* 100: to get the latest 100 samples

The examples below show how to use it.

In [25]:
mbrecent = mblookup.get_recent(selector='time')
display(mbrecent)

Unnamed: 0,sha256_hash,sha3_384_hash,sha1_hash,md5_hash,first_seen,last_seen,file_name,file_size,file_type_mime,file_type,...,tlsh,telfhash,ssdeep,dhash_icon,tags,code_sign,intelligence.clamav,intelligence.downloads,intelligence.uploads,intelligence.mail


In [27]:
mbrecent = mblookup.get_recent(selector=100)
display(mbrecent)

Unnamed: 0,sha256_hash,sha3_384_hash,sha1_hash,md5_hash,first_seen,last_seen,file_name,file_size,file_type_mime,file_type,...,tlsh,telfhash,ssdeep,dhash_icon,tags,code_sign,intelligence.clamav,intelligence.downloads,intelligence.uploads,intelligence.mail


## Query Code Signing Certificate Blocklist (CSCB)

MalwareBazaar maintains a list of code signing certificates used by threat actors to sign malware. The CSCB is generated every 5 minutes and is available in CSV format.

The function get_cscb() can be used to retrieve the list in a pandas dataframe. This function can be used without any parameters.

In [28]:
mbcscb = mblookup.get_cscb()
# Display the blocklist DataFrame returned by get_cscb()
display(mbcscb)



## Download a specific sample from Malware Bazaar
The function download_sample() can be used to download a specific file by specifying its sha256 hash. The downloaded file is a password-protected zip archive. You can ask @vx-underground for the password. :p

In [2]:
sample = mblookup.download_sample("7de2c1bf58bce09eecc70476747d88a26163c3d6bb1d85235c24a558d1f16754")

In [4]:
# Copy the bytes into a file.
with open("sample.zip", "wb") as zippedsample:
    zippedsample.write(sample)
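Before the bytes are written to disk it is worth checking that they really are an archive and storing them so they cannot be run or overwritten by accident. The following is an added example, not code from the notebook or from MSTICpy: `store_sample` is a hypothetical helper, it assumes `download_sample()` returns the raw response bytes (as the `write(sample)` call above implies), and the zip built in the demo is a constructed, unencrypted stand-in so the block runs offline.

```python
import io
import os
import re
import zipfile
from pathlib import Path

SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")


def store_sample(data: bytes, sha256: str, dest_dir: str):
    """Check a downloaded archive and save it, unextracted, in dest_dir.

    Hypothetical helper: returns (path of saved zip, member names).
    """
    if not SHA256_RE.fullmatch(sha256):
        raise ValueError("expected a 64-character hex SHA-256")
    # An error reply (JSON, HTML) is not a zip; do not save it as one.
    if not zipfile.is_zipfile(io.BytesIO(data)):
        raise ValueError(f"response is not a zip archive: {data[:60]!r}")
    # The member list is readable without the archive password.
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
    # Reject absolute or parent-traversing member names before anyone extracts.
    for name in names:
        if name.startswith(("/", "\\")) or ".." in re.split(r"[\\/]", name):
            raise ValueError(f"unsafe member name: {name!r}")
    dest = Path(dest_dir)
    dest.mkdir(parents=True, exist_ok=True)
    out = dest / f"{sha256.lower()}.zip"
    # O_EXCL refuses to overwrite; 0o600 is owner read/write, not executable.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_BINARY", 0)
    with os.fdopen(os.open(out, flags, 0o600), "wb") as fh:
        fh.write(data)
    return out, names


if __name__ == "__main__":
    import tempfile

    sha256 = "7de2c1bf58bce09eecc70476747d88a26163c3d6bb1d85235c24a558d1f16754"
    # Constructed stand-in for the downloaded bytes: an unencrypted zip
    # holding placeholder content (member name is made up for the demo).
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(sha256 + ".exe", b"constructed placeholder bytes")
    print(store_sample(buf.getvalue(), sha256, tempfile.mkdtemp()))
```

In the notebook this would be called as `store_sample(sample, "<sha256>", "quarantine")`, with the archive left unextracted until it is inside an isolated analysis environment.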