Malware hunting
The Malware Hunting APIs enable threat researchers to search for samples, find similar files, create custom detection rules, and track malware families across the Spectra Intelligence repository.
Common Use Cases
Search for samples
- Advanced search (TCA-0320) - Build complex queries using keywords and operators to filter samples by classification, file type, threat name, and more.
- Indicators of Compromise (TCA-0330) - Retrieve structured IoC data for samples and URLs with filtering by classification, malware family, threat actor, and vertical.
Find similar files
- Functionally similar files (TCA-0301) - Find files with similar code structure using ReversingLabs Hashing Algorithm (RHA1).
- Functionally similar files (analytics) (TCA-0321) - Get statistics on how many malicious, suspicious, and known files are functionally similar to a sample.
- Imphash similarity (TCA-0302) - Find Windows PE files sharing the same import hash.
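The import hash that TCA-0302 pivots on is not specific to Spectra Intelligence; it is the widely used imphash convention (as implemented in pefile): each import is rendered as a lowercase `dll.function` pair with any `.dll`/`.ocx`/`.sys` suffix dropped, the pairs are joined with commas in import-table order, and the result is MD5-hashed. The following is an added example, not code from the ReversingLabs documentation or SDK, showing that derivation on constructed import tables so you can see which differences between two PE files do and do not change the hash. It assumes the import tables have already been extracted from the PE import directory, and it renders unnamed imports as `ordN` without the ordinal-to-name lookup pefile applies for a few well-known DLLs.

```python
"""Added example (not from the Spectra Intelligence docs or SDK): derive an
imphash from an already-parsed import table, following the pefile convention.
Import tables below are constructed for illustration, not taken from real files.
"""
import hashlib
from typing import Dict, Iterable, List, Tuple, Union

# (dll_name, function_name_or_ordinal), in import-directory order
ImportEntry = Tuple[str, Union[str, int]]

_STRIPPED_EXTENSIONS = (".dll", ".ocx", ".sys")


def normalize_import(dll: str, func: Union[str, int]) -> str:
    """Lowercase the DLL name, drop a .dll/.ocx/.sys suffix, and render an
    ordinal-only import as 'ordN'.  (Assumption: pefile additionally maps known
    ordinals of ws2_32/oleaut32 to names; that lookup table is omitted here.)"""
    lib = dll.lower()
    for ext in _STRIPPED_EXTENSIONS:
        if lib.endswith(ext):
            lib = lib[: -len(ext)]
            break
    name = f"ord{func}" if isinstance(func, int) else func.lower()
    return f"{lib}.{name}"


def imphash(imports: Iterable[ImportEntry]) -> str:
    """MD5 over the comma-joined normalized import list.  Order matters:
    the same functions imported in a different order yield a different hash,
    which is why imphash groups builds of one toolchain/source, not variants
    that were re-linked differently."""
    joined = ",".join(normalize_import(dll, func) for dll, func in imports)
    return hashlib.md5(joined.encode("ascii")).hexdigest()


def cluster_by_imphash(samples: Dict[str, List[ImportEntry]]) -> Dict[str, List[str]]:
    """Group sample names by imphash, the pivot TCA-0302 performs server-side."""
    groups: Dict[str, List[str]] = {}
    for name, table in samples.items():
        groups.setdefault(imphash(table), []).append(name)
    return groups


# Constructed sample import tables (not real malware)
SAMPLE_A: List[ImportEntry] = [
    ("KERNEL32.dll", "VirtualAlloc"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("KERNEL32.dll", "LoadLibraryA"),
    ("MSVCRT.dll", 42),  # ordinal-only import, no name in the table
]

# Same imports with different casing and suffix handling: hashes identically
SAMPLE_B: List[ImportEntry] = [
    ("kernel32.DLL", "virtualalloc"),
    ("kernel32", "GETPROCADDRESS"),
    ("Kernel32.dll", "LoadLibraryA"),
    ("msvcrt.dll", 42),
]

# Same imports reordered: imphash is order-sensitive, so this one differs
SAMPLE_C: List[ImportEntry] = [SAMPLE_A[1], SAMPLE_A[0], SAMPLE_A[2], SAMPLE_A[3]]


if __name__ == "__main__":
    tables = {"A": SAMPLE_A, "B": SAMPLE_B, "C": SAMPLE_C}
    for name, table in tables.items():
        print(name, imphash(table))
    print(cluster_by_imphash(tables))
```

When comparing your own result against the hash a service reports, remember the two places this simplified version can diverge: ordinal resolution for the handful of DLLs pefile knows, and any sample whose import directory is damaged or packed, where the parsed table (and hence the hash) reflects the packer stub rather than the payload.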
Create custom detection rules
- YARA hunting (TCA-0303) - Upload YARA rules to match against new samples entering the system.
- YARA retro hunting (TCA-0319) - Run YARA rules against the last 90 days of stored samples.
Track malware families
These APIs provide statistics and search capabilities for the Targeted and industry-specific file indicator feeds (TCF-0401-0406).
- Vertical feeds statistics (TCA-0307-0311, 0317) - Get weekly statistics on malware families by industry category.
- Vertical feeds search (TCA-0312-0316, 0318) - Search for new malware hashes by family name within industry-specific feeds.
All Malware Hunting APIs
- Advanced search (TCA-0320) - Builds complex queries to filter samples by classification and threat indicators.
- YARA hunting (TCA-0303) - Uploads custom YARA rules to match patterns against new samples entering the system.
- YARA retro hunting (TCA-0319) - Runs YARA rules retroactively against the last 90 days of stored samples.
- Functionally similar files (TCA-0301) - Finds functionally similar code using the ReversingLabs Hashing Algorithm (RHA1).
- Functionally similar files (analytics) (TCA-0321) - Provides statistics on malicious and suspicious files functionally similar to a sample.
- Imphash similarity (TCA-0302) - Finds Windows PE files with matching import hashes for code pattern analysis.
- Vertical feeds statistics (TCA-0307-0311, 0317) - Provides weekly statistics on malware families by industry category.
- Vertical feeds search (TCA-0312-0316, 0318) - Searches malware by family name within industry-specific feeds.
- Indicators of Compromise (TCA-0330) - Delivers structured threat intelligence data for samples and URLs with filtering.