Spectra Intelligence Malware Hunting API — YARA, Search & IoC
The Malware Hunting APIs enable threat researchers to search for samples, find similar files, create custom detection rules, and track malware families across the Spectra Intelligence repository.
Common Use Cases
Search for samples
- Advanced search (TCA-0320) - Build complex queries using keywords and operators to filter samples by classification, file type, threat name, and more.
- Indicators of Compromise (TCA-0330) - Retrieve structured IoC data for samples and URLs with filtering by classification, malware family, threat actor, and vertical.
Find similar files
- Functionally similar files (TCA-0301) - Find files with similar code structure using ReversingLabs Hashing Algorithm (RHA1).
- Functionally similar files (analytics) (TCA-0321) - Get statistics on how many malicious, suspicious, and known files are functionally similar to a sample.
- Imphash similarity (TCA-0302) - Find Windows PE files sharing the same import hash.
Create custom detection rules
- YARA hunting (TCA-0303) - Upload YARA rules to match against new samples entering the system.
- YARA retro hunting (TCA-0319) - Run YARA rules against the last 90 days of stored samples.
Track malware families
These APIs provide statistics and search capabilities for the Targeted and industry-specific file indicator feeds (TCF-0401-0406).
- Vertical feeds statistics (TCA-0307-0311, 0317) - Get weekly statistics on malware families by industry category.
- Vertical feeds search (TCA-0312-0316, 0318) - Search for new malware hashes by family name within industry-specific feeds.
All Malware Hunting APIs
Advanced search (TCA-0320)
Submit advanced search queries to TCA-0320 to filter Spectra Intelligence samples by classification, threat level, malware family, file type, and network indicators.
YARA hunting (TCA-0303)
Upload YARA rulesets to Spectra Intelligence tca-0303 to match text or binary patterns against newly ingested samples; supports PE, ELF, Dex, Macho, and Dotnet modules.
YARA retro hunting (TCA-0319)
Run YARA rulesets retroactively against the last 90 days of Spectra Intelligence samples using tca-0319; manage retro hunts with retro-admin and fetch matches via retro-matches.
Similar files RHA1 (TCA-0301)
Find functionally similar files using Spectra Intelligence tca-0301 and the RHA1 algorithm; query by SHA1 hash at 25% or 50% precision for PE, MachO, and ELF files.
Functionally similar files (analytics) (TCA-0321)
Submit a SHA1 hash to TCA-0321 and receive real-time statistics on malicious, suspicious, and known files that are functionally similar at a selected RHA1 precision level.
Imphash similarity (TCA-0302)
Find Windows PE files sharing the same import hash (imphash) using Spectra Intelligence tca-0302; returns SHA1 hashes paginated at up to 1000 records per page.
Vertical feeds statistics (TCA-0307-0317)
Query weekly malware family statistics by industry category using Spectra Intelligence tca-0307 to tca-0311 and tca-0317 — APT, Financial, Ransomware, Retail, and CVE.
Vertical feeds search (TCA-0312-0318)
Search industry-specific malware feeds in Spectra Intelligence by family name using tca-0312 to tca-0316 and tca-0318; covers APT, Financial, Ransomware, and CVE Exploit feeds.
Indicators of Compromise (TCA-0330)
Query TCA-0330 for structured IoC data on samples and URLs with filtering by classification, threat level, malware family, platform, and vertical; returns paginated JSON.