FIGHTING MALWARE AND BOTNETS

Independent, community-driven cyber threat intelligence.

Our platforms »

OUR MISSION

Making the Internet a safer place by providing actionable, community-driven threat intelligence data.

abuse.ch has been effecting change on cybercrime for almost twenty years, owing to global recognition of our identified and tracked cyber threat signals. Supported by a community of 15,000 specialist researchers, abuse.ch’s independent intelligence is relied on by security researchers, network operators and law enforcement agencies.

Together with Spamhaus, we provide the largest, independently crowdsourced intelligence of tracked malware and botnets to the industry. We develop and operate specialized platforms, built for IT security experts, to share and access relevant threat intel data.

abuse.ch is an established, trusted, and dedicated space for cyber threat intelligence experts.

Community is Central; Sharing is Caring.

Follow us on social media:

OUR PLATFORMS

abuse.ch maintains six public platforms, all supported by our partnership with Spamhaus, to aid cybersecurity researchers and practitioners in their day-to-day roles. Varying in focus areas, all platforms are designed to help identify, track, and mitigate against malware and botnet-related cyber threats.

The abuse.ch community, anti-virus vendors and threat intelligence providers can contribute and consume from the following platforms:

MalwareBazaar

Sharing newly observed malware samples

Feodo Tracker

Used to track servers of prolific C2s - since Operation Endgame, this dataset is empty

SSL Blacklist (SSLBL)

Sharing blocklist data for malicious SSL certificates and JA3/JA3s fingerprints

URLhaus

Sharing malicious URLs being used for malware distribution

ThreatFox

Sharing indicators of compromise (IOCs) associated with malware.

YARAify

A large repository of YARA rules to identify and classify malware - use to share rules, hunt, and scan

BLOG

Community First - new authentication, new data, and new functionality

Published on 18th Nov 2024, 17:00:00 UTC

abuse.ch has an unwavering commitment: to sustain and support its cyber security community. All internet users owe thanks to this force of threat hunters who consistently make a positive and lasting impacton Internet safety. To further empower this collective, with assistance from Spamhaus, developments are coming to all the abuse.ch platforms. Discover what and why in this blog post.

Read on >

abuse.ch & Spamhaus: The Impact of Your Contributions

Published on 11th Nov 2024, 14:00:00 UTC

If you’re contributing to any of the abuse.ch platforms, have you ever wondered about the impact that you’re making? We strongly believe that “sharing is caring” and so are shedding more light on how your contributions are making the internet a safer place - for everyone! Your contributions have more impact than you think.

Read on >

abuse.ch appoints Spamhaus as a licensee to secure its future

Published on 8th Aug 2022, 13:00:00 UTC

On Monday, August 1st, 2022, Spamhaus Technology became the primary licensee of data produced by abuse.ch. Here's an outline of why this partnership was conceived and what it hopes to achieve in the future. In 2008, a sole researcher founded abuse.ch – a project committed to fighting abuse on the internet.

Read on >

Introducing YARAify

Published on 13th June 2022, 11:23:48 UTC

About a year ago, we have launched ThreatFox - a community driven platform to share indicators of compromise (IOCs). Today, I'm very excited to announce the launch of our most recent project: YARAify! YARAify is your central hub for scanning and hunting files using YARA.

Read on >

abuse.ch gets a new home at BFH

Published on 1st June 2021, 07:25:31 UTC

In October 2020, I've described the challenges I'm facing with operating abuse.ch as a non-profit project. I've also draw a plan for the future of abuse.ch that was collecting sufficient funds to turn abuse.ch into a research project. Today, I'm very excited to announce that the fund raising was successful and that as of April 15th 2021, abuse.ch became a research project at Institute for Cybersecurity and Engineering ICE hosted at the Bern University of Applied Sciences (BFH) in Switzerland.

Read on >

Introducing ThreatFox

Published on 8th March 2021, 12:41:55 UTC

In 2018, I've launched URLhaus - a platform where security researchers and threat analysts can share malware distribution sites with the community. A year ago, in March 2020, the launch of MalwareBazaar enabled the community to share malware samples with others and hunt for such by e.g. using YARA rules. The goal of abuse.ch always was to make threat intelligence easy accessible for everyone - for free, and without the need of a registration on a platform.

Read on >

Blog Archive

STATISTICS

Using data from our various threat intelligence platforms, below you will find high-level numbers relating to malware signals shared with abuse.ch. This data is updated every 24 hours.

Most seen Malware

# Malware
1 StrelaStealer
2 RedLineStealer
3 Emotet
4 Worm.m0yv
5 Downloader.Upatre
6 Expiro
7 Snojan
8 Gh0stRAT
9 Ganelp
10 Cosmu

Analysed File Types

Malware Samples File Type
6208 js
423 exe
271 xls
235 xlsm
150 xlsb
71 xlsx
64 doc
56 dll
40 docx
14 docm

Processed Malware Samples per Day

Spam Statistics