Malware Patrol provides some of its threat data feeds via Amazon / AWS S3 buckets. Among the feeds are the “Malware Samples (Binaries)” and the “Bitcoin Transactions (JSON format)”. Amazon Simple Storage Service has a simple web services interface that can use to store and retrieve any amount of data, at any time, from anywhere on the web. For more information on AWS S3 buckets, please visit their site.

During evaluation or as a customer, your Account Manager will provide you the following information:

  • Bucket path
  • Access key
  • Secret key

The S3 bucket receives data (samples, transactions, etc) in real time, as soon as they are collected and analyzed by our systems. A policy is set to automatically delete objects older than 15 days.

You can access the bucket using your tool of choice, however, we have included very simple instructions to access it using a command line tool called s3cmd. It is available at:


After downloading and installing, it needs to be configured using credentials provided by Malware Patrol:

$ s3cmd –configure

And then you are ready to issue commands like ‘ls’ and ‘get’ among others:

$ s3cmd ls s3://_bucket_name_/

AWS S3 is an object storage and therefore doesn’t work with directories as in a regular file system, but mimics them. Therefore, it is possible to download files simply by doing something like this:

$ s3cmd get s3://_bucket_name_/malware/samples/*.gz


$ s3cmd get s3://_bucket_name_/malware/samples/43*.gz

Don’t hesitate to contact us at support (@) malwarepatrol.net if you experience any difficulties.

For more configuration guides, visit our Tech Support page.

Andre Correa

Co-Founder, Malware Patrol

Andre Correa - Malware PatrolInformation Security and Threat Intelligence Professional whose qualifications include in-depth knowledge of Internet technologies, current cyber security landscape, incident response, security mechanisms and best practices. He founded the Malware Patrol project in 2005. The company is helping enterprises around the world to protect themselves from malware and ransomware attacks through some of the most comprehensive threat data feeds and block lists on the market.