Tier 4: MalwareBazaar fetcher by sha256 #4

Closed
opened 2026-04-30 00:10:40 -05:00 by max · 0 comments
Owner

The samples/manifest.toml schema already supports sample.sha256 + sample.source (Sample.kind == "real" when sha256 is present). What is missing:

  • tools/fetch_sample.py — pulls a sample by sha256 from MalwareBazaar (https://bazaar.abuse.ch/api/), verifies hash, lands at samples/store/<sha256> (gitignored).
  • Driver dispatch: when sample.kind == "real", upload the binary into the session and execute it instead of the exploits.workloads mimic. The mimic remains the fallback when the binary is absent.
  • Sample manifest: add real entries with sha256 once known-good binaries are picked.

Note: MalwareBazaar requires an API key (free, registration). The fetcher should read from samples/.bazaar.token (gitignored) or env.

max closed this issue 2026-04-30 00:17:51 -05:00
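Added example, not the project's own tools/fetch_sample.py and not MalwareBazaar client code: the verify-then-land half of the fetcher the issue describes, with the token read from samples/.bazaar.token or the environment (the BAZAAR_TOKEN variable name is an assumption). The network transport is left as a pluggable callable, because the real API request and the unpacking of its download are not specified here.

```python
import hashlib, os, tempfile
from pathlib import Path

def read_token(token_file, env_var="BAZAAR_TOKEN"):
    """samples/.bazaar.token (gitignored) first, then the environment."""
    if Path(token_file).is_file():
        return Path(token_file).read_text(encoding="utf-8").strip()
    token = os.environ.get(env_var, "").strip()
    if not token:
        raise RuntimeError(f"no API token in {token_file} or ${env_var}")
    return token

def land_sample(data, expected, store):
    """Verify first, then temp file + atomic rename: a partial or wrong
    download never appears under samples/store/<sha256>."""
    expected = expected.lower()
    actual = hashlib.sha256(data).hexdigest()
    if actual != expected:  # also guarantees the file name is a plain hex digest
        raise ValueError(f"hash mismatch: expected {expected}, got {actual}")
    Path(store).mkdir(parents=True, exist_ok=True)
    dest = Path(store) / expected
    fd, tmp = tempfile.mkstemp(dir=store, prefix=".partial-")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    os.replace(tmp, dest)  # atomic on the same filesystem
    return dest

def fetch_sample(sha256, fetcher, token, store):
    """`fetcher(sha256, token) -> bytes` is the pluggable transport; the real
    MalwareBazaar request (endpoint, auth header, unzip) belongs there."""
    return land_sample(fetcher(sha256.lower(), token), sha256, store)

# Constructed stand-in for a downloaded sample (not real malware), used offline.
SAMPLE_BYTES = b"constructed stand-in for a fetched sample"
SAMPLE_SHA256 = hashlib.sha256(SAMPLE_BYTES).hexdigest()
def demo(root=None):
    root = Path(root or tempfile.mkdtemp())
    (root / ".bazaar.token").write_text("dummy-token\n")
    token = read_token(root / ".bazaar.token")
    fake = lambda h, tok: SAMPLE_BYTES  # stands in for the API round trip
    store = root / "store"
    landed = fetch_sample(SAMPLE_SHA256, fake, token, store)
    try:
        fetch_sample("00" * 32, fake, token, store)  # wrong hash: must not land
        rejected = False
    except ValueError:
        rejected = True
    return {"path": landed, "token": token, "rejected_mismatch": rejected,
            "store_names": sorted(p.name for p in store.iterdir())}
```

`demo()` runs the whole path against a fake transport in a temporary directory; only the verified sample ends up in the store, and the mismatched request leaves nothing behind.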
Reference: bolyai/CIS490#4