Search the malware corpus for exact binary patterns and strings with byte-level precision.

External Documentation

To learn more, visit the CrowdStrike documentation.

Basic Parameters

| Parameter | Description |
| --- | --- |
| Patterns | Specify an array of hex patterns or strings to search for within file contents at the byte level. Each pattern should be an object with "type" and "value" fields. For example: `[ { "type":"hex", "value":"8948208b480833ca33f989502489482889782c8bd7" }, { "type":"ascii", "value":"suspicious_string" } ]` |
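
The following is an added example, not part of the original documentation or of CrowdStrike's code: a small Python helper that builds and validates the Patterns array before it is pasted into the action. It assumes only the two pattern types shown on this page ("hex" and "ascii"); the function names `make_pattern` and `build_patterns` and the client-side checks are hypothetical.

```python
import json

# Pattern types shown on this page; other types are not assumed here.
ALLOWED_TYPES = {"hex", "ascii"}
HEX_DIGITS = set("0123456789abcdef")


def make_pattern(kind, value):
    """Return one {"type", "value"} object after validating the value."""
    if kind not in ALLOWED_TYPES:
        raise ValueError(f"unsupported pattern type: {kind!r}")
    if isinstance(value, (bytes, bytearray)):
        if kind != "hex":
            raise ValueError("raw bytes can only be sent as a hex pattern")
        value = bytes(value).hex()
    if not isinstance(value, str) or not value:
        raise ValueError("pattern value must be a non-empty string")
    if kind == "hex":
        # Normalise copy/paste forms such as "89 48 20" or "0x8948".
        cleaned = "".join(value.lower().split())
        if cleaned.startswith("0x"):
            cleaned = cleaned[2:]
        if not cleaned or len(cleaned) % 2 or set(cleaned) - HEX_DIGITS:
            raise ValueError(f"not a whole number of hex bytes: {value!r}")
        value = cleaned
    elif not value.isascii():
        raise ValueError("ascii pattern contains non-ASCII characters")
    return {"type": kind, "value": value}


def build_patterns(items):
    """Build the Patterns array from (type, value) pairs, dropping duplicates."""
    seen, patterns = set(), []
    for kind, value in items:
        pattern = make_pattern(kind, value)
        key = (pattern["type"], pattern["value"])
        if key not in seen:
            seen.add(key)
            patterns.append(pattern)
    if not patterns:
        raise ValueError("no patterns supplied")
    return patterns


if __name__ == "__main__":
    # Constructed input: the page's two example patterns plus a duplicate.
    print(json.dumps(build_patterns([
        ("hex", "8948208b480833ca33f989502489482889782c8bd7"),
        ("hex", "89 48 20 8B 48 08 33 CA 33 F9 89 50 24 89 48 28 89 78 2C 8B D7"),
        ("ascii", "suspicious_string"),
    ]), indent=2))
```
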

Advanced Parameters

| Parameter | Description |
| --- | --- |
| File Types | A comma-separated list of file types to restrict search results by. For example: EMAIL, PCAP, PDF, PE32 |
| Limit | The maximum number of matching files to return in the response. |
| Max Date | Only include files first observed before this date. |
| Max Size | Only include files smaller than this size. Accepts values in bytes or with units. For example: 128000, 1.3KB, 8MB, 2GB |
| Metadata Fields | A comma-separated list of metadata fields to include in results. For example: sha256, md5, type, size, first_seen, label, family |
| Min Date | Only include files first observed after this date. |
| Min Size | Only include files larger than this size. Accepts values in bytes or with units. For example: 128000, 1.3KB, 8MB, 2GB |

Example Output

{
	"errors": [
		{
			"code": 0,
			"id": "string",
			"message": "string",
			"type": "string"
		}
	],
	"meta": {
		"pagination": {
			"limit": 0,
			"offset": 0,
			"total": 0
		},
		"powered_by": "string",
		"query_time": 0,
		"reqid": "Request ID returned after creating a hunt or exact search",
		"status": "Request status. Possible values: inprogress, failed, done",
		"trace_id": "string",
		"writes": {
			"resources_affected": 0
		}
	},
	"resources": [
		{
			"family": "Sample family",
			"filesize": 0,
			"filetype": "Sample file type",
			"first_seen": "Date when it was first seen",
			"ignore_reason": "Reason why the resource is ignored",
			"label": "Sample label",
			"label_confidence": "Resource label confidence",
			"md5": "Sample MD5",
			"pattern": "Search pattern",
			"pattern_type": "Search pattern type",
			"samples": [
				{
					"family": "Sample family",
					"filesize": 0,
					"filetype": "Sample file type",
					"first_seen": "Date when it was first seen",
					"label": "Sample label",
					"md5": "Sample MD5",
					"sha1": "Sample SHA1",
					"sha256": "Sample SHA256"
				}
			],
			"sha1": "Sample SHA1",
			"sha256": "Sample SHA256",
			"tags": [
				"string"
			],
			"yara_rule": "Search YARA rule",
			"yara_rules": [
				"string"
			]
		}
	]
}

Workflow Library Example

Malquery Exact Search with Crowdstrike and Send Results Via Email
