FIGHTING MALWARE AND BOTNETS

Independent, community-driven cyber threat intelligence.

Our platforms »

OUR MISSION

Making the Internet a safer place by providing actionable, community-driven threat intelligence data.

abuse.ch has been effecting change on cybercrime for almost twenty years, owing to global recognition of our identified and tracked cyber threat signals. Supported by a community of 15,000 specialist researchers, abuse.ch’s independent intelligence is relied on by security researchers, network operators and law enforcement agencies.

Together with Spamhaus, we provide the largest, independently crowdsourced intelligence of tracked malware and botnets to the industry. We develop and operate specialized platforms, built for IT security experts, to share and access relevant threat intel data.

abuse.ch is an established, trusted, and dedicated space for cyber threat intelligence experts.

Community is Central; Sharing is Caring.

Follow us on social media:

OUR PLATFORMS

abuse.ch maintains six public platforms, all supported by our partnership with Spamhaus, to aid cybersecurity researchers and practitioners in their day-to-day roles. Varying in focus areas, all platforms are designed to help identify, track, and mitigate against malware and botnet-related cyber threats.

The abuse.ch community, anti-virus vendors and threat intelligence providers can contribute and consume from the following platforms:

MalwareBazaar

Sharing newly observed malware samples

Feodo Tracker

Used to track servers of prolific C2s - since Operation Endgame, this dataset is empty

SSL Blacklist (SSLBL)

Sharing blocklist data for malicious SSL certificates and JA3/JA3s fingerprints

URLhaus

Sharing malicious URLs being used for malware distribution

ThreatFox

Sharing indicators of compromise (IOCs) associated with malware.

YARAify

A large repository of YARA rules to identify and classify malware - use to share rules, hunt, and scan

BLOG

abuse.ch appoints Spamhaus as a licensee to secure its future

Published on 8th Aug 2022, 13:00:00 UTC

On Monday, August 1st, 2022, Spamhaus Technology became the primary licensee of data produced by abuse.ch. Here's an outline of why this partnership was conceived and what it hopes to achieve in the future. In 2008, a sole researcher founded abuse.ch – a project committed to fighting abuse on the internet.

Read on >

Introducing YARAify

Published on 13th June 2022, 11:23:48 UTC

About a year ago, we have launched ThreatFox - a community driven platform to share indicators of compromise (IOCs). Today, I'm very excited to announce the launch of our most recent project: YARAify! YARAify is your central hub for scanning and hunting files using YARA.

Read on >

abuse.ch gets a new home at BFH

Published on 1st June 2021, 07:25:31 UTC

In October 2020, I've described the challenges I'm facing with operating abuse.ch as a non-profit project. I've also draw a plan for the future of abuse.ch that was collecting sufficient funds to turn abuse.ch into a research project. Today, I'm very excited to announce that the fund raising was successful and that as of April 15th 2021, abuse.ch became a research project at Institute for Cybersecurity and Engineering ICE hosted at the Bern University of Applied Sciences (BFH) in Switzerland.

Read on >

Introducing ThreatFox

Published on 8th March 2021, 12:41:55 UTC

In 2018, I've launched URLhaus - a platform where security researchers and threat analysts can share malware distribution sites with the community. A year ago, in March 2020, the launch of MalwareBazaar enabled the community to share malware samples with others and hunt for such by e.g. using YARA rules. The goal of abuse.ch always was to make threat intelligence easy accessible for everyone - for free, and without the need of a registration on a platform.

Read on >

Moving Forward

Published on 26th October 2020, 13:45:09 UTC

13 years ago, I started to look at malware samples in my spare time that occasionally hit my personal mailbox. I've decided to document my findings in a blog, and abuse.ch was born. In the same year, ZeuS (aka Zbot) appeared. Sold on the dark web, it quickly became one of the most popular crimeware kits for cyber criminals to commit ebanking fraud and identity theft. Due to the rise of ZeuS in 2008/2009, I decided to create my first project: ZeuS Tracker.

Read on >

Introducing MalwareBazaar

Published on 17th March 2020, 12:29:31 UTC

Almost two years ago, I've launched URLhaus with the goal of collecting malware distribution sites. With more than 300,000 malware distribution sites tracked, the project still is a great success. However, over the past weeks, I've been focusing my efforts on a new project. And here' it is: MalwareBazaar! MalwareBazaar collects known malicious malware sample, enriches them with additional intelligence and provides them back to the community - for free!

Read on >

Blog Archive

STATISTICS

Using data from our various threat intelligence platforms, below you will find high-level numbers relating to malware signals shared with abuse.ch. This data is updated every 24 hours.

Most seen Malware

# Malware
1 StrelaStealer
2 Downloader.Upatre
3 Triusor
4 Gh0stRAT
5 BlackShades
6 Blackmoon
7 Simda
8 Sality
9 Ganelp
10 njrat

Analysed File Types

Malware Samples File Type
48441 exe
8495 js
621 dll
212 xls
150 xlsm
91 xlsb
67 jar
49 xlsx
44 doc
29 docx

Processed Malware Samples per Day

Spam Statistics