search_signature
Pack: malwarebazaar · Endpoint: https://gateway.pipeworx.io/malwarebazaar/mcp
Find samples matching a YARA / threat-intel signature.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
signature | string | yes | Signature name (e.g., “Cobalt Strike”) |
limit | number | no | Max results (default 100) |
Example call
Arguments
{
"signature": "Cobalt Strike"
}
curl
curl -X POST https://gateway.pipeworx.io/malwarebazaar/mcp \
-H 'Content-Type: application/json' \
-d '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"search_signature","arguments":{"signature":"Cobalt Strike"}}}'
TypeScript (@pipeworx/sdk)
import { Pipeworx } from '@pipeworx/sdk';
const pipeworx = new Pipeworx();
const result = await pipeworx.call('search_signature', {
"signature": "Cobalt Strike"
});
More examples
{
"signature": "Mimikatz",
"limit": 75
}
Response shape
Always returns: query, status, count, samples
| Field | Type | Description |
|---|---|---|
query | string | Query type used (get_yara) |
status | string | null | Query status (ok, no_results, or null) |
count | number | Number of samples returned |
samples | array | Array of samples matching signature |
Full JSON Schema
{
"type": "object",
"properties": {
"query": {
"type": "string",
"description": "Query type used (get_yara)"
},
"status": {
"type": [
"string",
"null"
],
"description": "Query status (ok, no_results, or null)",
"enum": [
"ok",
"no_results",
null
]
},
"count": {
"type": "number",
"description": "Number of samples returned"
},
"samples": {
"type": "array",
"description": "Array of samples matching signature",
"items": {
"type": "object"
}
}
},
"required": [
"query",
"status",
"count",
"samples"
]
}
Connect
Add this to your MCP client config, or use one-click install buttons:
{
"mcpServers": {
"malwarebazaar": {
"url": "https://gateway.pipeworx.io/malwarebazaar/mcp"
}
}
}
See Getting Started for client-specific install steps.