OUR MISSION
Making the Internet a safer place by providing actionable, community-driven threat intelligence data.
abuse.ch has been effecting change on cybercrime for almost twenty years, owing to global recognition of our identified and tracked cyber threat signals. Supported by a community of 15,000 specialist researchers, abuse.ch’s independent intelligence is relied on by security researchers, network operators and law enforcement agencies.
Together with Spamhaus, we provide the largest, independently crowdsourced intelligence of tracked malware and botnets to the industry. We develop and operate specialized platforms, built for IT security experts, to share and access relevant threat intel data.
abuse.ch is an established, trusted, and dedicated space for cyber threat intelligence experts.
Community is Central; Sharing is Caring.
Follow us on social media:
@abuse_ch
abuse.ch
@abuse_ch@ioc.exchangeOUR PLATFORMS
abuse.ch maintains six public platforms, all supported by our partnership with Spamhaus, to aid cybersecurity researchers and practitioners in their day-to-day roles. Varying in focus areas, all platforms are designed to help identify, track, and mitigate against malware and botnet-related cyber threats.
The abuse.ch community, anti-virus vendors and threat intelligence providers can contribute and consume from the following platforms:
Sharing newly observed malware samples
Used to track servers of prolific C2s - since Operation Endgame, this dataset is empty
Sharing blocklist data for malicious SSL certificates and JA3/JA3s fingerprints
Sharing malicious URLs being used for malware distribution
Sharing indicators of compromise (IOCs) associated with malware.
A large repository of YARA rules to identify and classify malware - use to share rules, hunt, and scan
BLOG
Community First - new authentication, new data, and new functionality
Published on 18th Nov 2024, 17:00:00 UTC
abuse.ch has an unwavering commitment: to sustain and support its cyber security community. All internet users owe thanks to this force of threat hunters who consistently make a positive and lasting impacton Internet safety. To further empower this collective, with assistance from Spamhaus, developments are coming to all the abuse.ch platforms. Discover what and why in this blog post.
Read on >abuse.ch & Spamhaus: The Impact of Your Contributions
Published on 11th Nov 2024, 14:00:00 UTC
If you’re contributing to any of the abuse.ch platforms, have you ever wondered about the impact that you’re making? We strongly believe that “sharing is caring” and so are shedding more light on how your contributions are making the internet a safer place - for everyone! Your contributions have more impact than you think.
Read on >abuse.ch appoints Spamhaus as a licensee to secure its future
Published on 8th Aug 2022, 13:00:00 UTC
On Monday, August 1st, 2022, Spamhaus Technology became the primary licensee of data produced by abuse.ch. Here's an outline of why this partnership was conceived and what it hopes to achieve in the future. In 2008, a sole researcher founded abuse.ch – a project committed to fighting abuse on the internet.
Read on >Introducing YARAify
Published on 13th June 2022, 11:23:48 UTC
About a year ago, we have launched ThreatFox - a community driven platform to share indicators of compromise (IOCs). Today, I'm very excited to announce the launch of our most recent project: YARAify! YARAify is your central hub for scanning and hunting files using YARA.
Read on >abuse.ch gets a new home at BFH
Published on 1st June 2021, 07:25:31 UTC
In October 2020, I've described the challenges I'm facing with operating abuse.ch as a non-profit project. I've also draw a plan for the future of abuse.ch that was collecting sufficient funds to turn abuse.ch into a research project. Today, I'm very excited to announce that the fund raising was successful and that as of April 15th 2021, abuse.ch became a research project at Institute for Cybersecurity and Engineering ICE hosted at the Bern University of Applied Sciences (BFH) in Switzerland.
Read on >Introducing ThreatFox
Published on 8th March 2021, 12:41:55 UTC
In 2018, I've launched URLhaus - a platform where security researchers and threat analysts can share malware distribution sites with the community. A year ago, in March 2020, the launch of MalwareBazaar enabled the community to share malware samples with others and hunt for such by e.g. using YARA rules. The goal of abuse.ch always was to make threat intelligence easy accessible for everyone - for free, and without the need of a registration on a platform.
Read on >STATISTICS
Using data from our various threat intelligence platforms, below you will find high-level numbers relating to malware signals shared with abuse.ch. This data is updated every 24 hours.
Most seen Malware
| # | Malware |
|---|---|
| 1 | StrelaStealer |
| 2 | RedLineStealer |
| 3 | Emotet |
| 4 | Worm.m0yv |
| 5 | Downloader.Upatre |
| 6 | Expiro |
| 7 | Snojan |
| 8 | Gh0stRAT |
| 9 | Ganelp |
| 10 | Cosmu |
Analysed File Types
| Malware Samples | File Type |
|---|---|
| 6208 | js |
| 423 | exe |
| 271 | xls |
| 235 | xlsm |
| 150 | xlsb |
| 71 | xlsx |
| 64 | doc |
| 56 | dll |
| 40 | docx |
| 14 | docm |