
Malware Intelligence

Introduction

The malware_intel module allows you to interact with Recorded Future Malware Intelligence. Currently, it supports only the retrieval of reports for an already known SHA256.

See the API Reference for internal details of the module.

Notes

  • The reports method returns at most 10 reports, those with the highest sandbox scores.

Examples

Warning

The following examples demonstrate how to use this module. Be sure to add appropriate error handling as needed; all possible errors for each method or function are listed in the API Reference page.

Additionally, you must configure the RF_TOKEN environment variable before getting started. For instructions, see Learn.

1: Search for reports for a specific SHA256 hash

This example searches for all reports whose SHA256 matches the value of the sha256 argument. The start and end dates are relative to the day on which you run the example.

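from psengine.malware_intel import MalwareIntelMgr

# RF_TOKEN must be set in the environment before running this example
mgr = MalwareIntelMgr()

# start_date and end_date are relative to the day the example is run
reports = mgr.reports(
    query='static.sha256',
    sha256='c5455c43f6a295392cf7db66c68f8c725029f88e089ed01e3de858a114f0764f',
    start_date='-20d',
    end_date='-1d',
)

# At most 10 reports are returned, those with the highest sandbox scores
for report in reports:
    print(report)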

The output of the example is:

Sandbox Report of: c5455c43f6a295392cf7db66c68f8c725029f88e089ed01e3de858a114f0764f, Score: 10, Task: behavioral2, Submitted: 2025-09-25T16:45:03.000Z
Sandbox Report of: c5455c43f6a295392cf7db66c68f8c725029f88e089ed01e3de858a114f0764f, Score: 10, Task: behavioral1, Submitted: 2025-09-25T16:45:03.000Z
Sandbox Report of: c5455c43f6a295392cf7db66c68f8c725029f88e089ed01e3de858a114f0764f, Score: 3, Task: behavioral2, Submitted: 2025-09-25T10:48:25.000Z
Sandbox Report of: c5455c43f6a295392cf7db66c68f8c725029f88e089ed01e3de858a114f0764f, Score: 3, Task: behavioral1, Submitted: 2025-09-25T10:48:25.000Z
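
The output above lists the same hash under two submission times with different scores (10 and 3). The following added example, which is not part of psengine or its documentation, parses the printed lines and groups them per submission so the highest score of each run is visible. It assumes the line layout shown above is stable; `parse_line` and `summarize` are hypothetical helper names.

```python
import re
from collections import defaultdict
from datetime import datetime

# Layout of one printed report line, taken from the example output (assumed stable).
LINE_RE = re.compile(
    r"^Sandbox Report of: (?P<sha256>[0-9a-f]{64}), Score: (?P<score>\d+), "
    r"Task: (?P<task>\S+), Submitted: (?P<submitted>\S+)$"
)

# The four lines printed by the example on this page.
SAMPLE = """\
Sandbox Report of: c5455c43f6a295392cf7db66c68f8c725029f88e089ed01e3de858a114f0764f, Score: 10, Task: behavioral2, Submitted: 2025-09-25T16:45:03.000Z
Sandbox Report of: c5455c43f6a295392cf7db66c68f8c725029f88e089ed01e3de858a114f0764f, Score: 10, Task: behavioral1, Submitted: 2025-09-25T16:45:03.000Z
Sandbox Report of: c5455c43f6a295392cf7db66c68f8c725029f88e089ed01e3de858a114f0764f, Score: 3, Task: behavioral2, Submitted: 2025-09-25T10:48:25.000Z
Sandbox Report of: c5455c43f6a295392cf7db66c68f8c725029f88e089ed01e3de858a114f0764f, Score: 3, Task: behavioral1, Submitted: 2025-09-25T10:48:25.000Z
"""

def parse_line(line):
    """Return a dict for one printed report line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["score"] = int(rec["score"])
    rec["submitted"] = datetime.strptime(rec["submitted"], "%Y-%m-%dT%H:%M:%S.%f%z")
    return rec

def summarize(lines):
    """Group report lines by (sha256, submission time), newest submission first."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is not None:  # skip anything that is not a report line
            groups[(rec["sha256"], rec["submitted"])].append(rec)
    return [
        {"sha256": key[0],
         "submitted": key[1].isoformat(),
         "max_score": max(r["score"] for r in groups[key]),
         "tasks": sorted(r["task"] for r in groups[key])}
        for key in sorted(groups, key=lambda k: k[1], reverse=True)
    ]

if __name__ == "__main__":
    for row in summarize(SAMPLE.splitlines()):
        print(row)
```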