OUR MISSION
Making the Internet a safer place by providing actionable, community-driven threat intelligence data.
abuse.ch has been effecting change on cybercrime for almost twenty years, owing to global recognition of our identified and tracked cyber threat signals. Supported by a community of 15,000 specialist researchers, abuse.ch’s independent intelligence is relied on by security researchers, network operators and law enforcement agencies.
Together with Spamhaus, we provide the largest, independently crowdsourced intelligence of tracked malware and botnets to the industry. We develop and operate specialized platforms, built for IT security experts, to share and access relevant threat intel data.
abuse.ch is an established, trusted, and dedicated space for cyber threat intelligence experts.
Community is Central; Sharing is Caring.
Follow us on social media:
@abuse_ch
abuse.ch
@abuse_ch@ioc.exchangeOUR PLATFORMS
abuse.ch maintains six public platforms, all supported by our partnership with Spamhaus, to aid cybersecurity researchers and practitioners in their day-to-day roles. Varying in focus areas, all platforms are designed to help identify, track, and mitigate against malware and botnet-related cyber threats.
The abuse.ch community, anti-virus vendors and threat intelligence providers can contribute and consume from the following platforms:
Sharing newly observed malware samples
Used to track servers of prolific C2s - since Operation Endgame, this dataset is empty
Sharing blocklist data for malicious SSL certificates and JA3/JA3s fingerprints
Sharing malicious URLs being used for malware distribution
Sharing indicators of compromise (IOCs) associated with malware.
A large repository of YARA rules to identify and classify malware - use to share rules, hunt, and scan
BLOG
abuse.ch appoints Spamhaus as a licensee to secure its future
Published on 8th Aug 2022, 13:00:00 UTC
On Monday, August 1st, 2022, Spamhaus Technology became the primary licensee of data produced by abuse.ch. Here's an outline of why this partnership was conceived and what it hopes to achieve in the future. In 2008, a sole researcher founded abuse.ch – a project committed to fighting abuse on the internet.
Read on >Introducing YARAify
Published on 13th June 2022, 11:23:48 UTC
About a year ago, we have launched ThreatFox - a community driven platform to share indicators of compromise (IOCs). Today, I'm very excited to announce the launch of our most recent project: YARAify! YARAify is your central hub for scanning and hunting files using YARA.
Read on >abuse.ch gets a new home at BFH
Published on 1st June 2021, 07:25:31 UTC
In October 2020, I've described the challenges I'm facing with operating abuse.ch as a non-profit project. I've also draw a plan for the future of abuse.ch that was collecting sufficient funds to turn abuse.ch into a research project. Today, I'm very excited to announce that the fund raising was successful and that as of April 15th 2021, abuse.ch became a research project at Institute for Cybersecurity and Engineering ICE hosted at the Bern University of Applied Sciences (BFH) in Switzerland.
Read on >Introducing ThreatFox
Published on 8th March 2021, 12:41:55 UTC
In 2018, I've launched URLhaus - a platform where security researchers and threat analysts can share malware distribution sites with the community. A year ago, in March 2020, the launch of MalwareBazaar enabled the community to share malware samples with others and hunt for such by e.g. using YARA rules. The goal of abuse.ch always was to make threat intelligence easy accessible for everyone - for free, and without the need of a registration on a platform.
Read on >Moving Forward
Published on 26th October 2020, 13:45:09 UTC
13 years ago, I started to look at malware samples in my spare time that occasionally hit my personal mailbox. I've decided to document my findings in a blog, and abuse.ch was born. In the same year, ZeuS (aka Zbot) appeared. Sold on the dark web, it quickly became one of the most popular crimeware kits for cyber criminals to commit ebanking fraud and identity theft. Due to the rise of ZeuS in 2008/2009, I decided to create my first project: ZeuS Tracker.
Read on >Introducing MalwareBazaar
Published on 17th March 2020, 12:29:31 UTC
Almost two years ago, I've launched URLhaus with the goal of collecting malware distribution sites. With more than 300,000 malware distribution sites tracked, the project still is a great success. However, over the past weeks, I've been focusing my efforts on a new project. And here' it is: MalwareBazaar! MalwareBazaar collects known malicious malware sample, enriches them with additional intelligence and provides them back to the community - for free!
Read on >STATISTICS
Using data from our various threat intelligence platforms, below you will find high-level numbers relating to malware signals shared with abuse.ch. This data is updated every 24 hours.
Most seen Malware
| # | Malware |
|---|---|
| 1 | StrelaStealer |
| 2 | Downloader.Upatre |
| 3 | Triusor |
| 4 | Gh0stRAT |
| 5 | BlackShades |
| 6 | Blackmoon |
| 7 | Simda |
| 8 | Sality |
| 9 | Ganelp |
| 10 | njrat |
Analysed File Types
| Malware Samples | File Type |
|---|---|
| 48441 | exe |
| 8495 | js |
| 621 | dll |
| 212 | xls |
| 150 | xlsm |
| 91 | xlsb |
| 67 | jar |
| 49 | xlsx |
| 44 | doc |
| 29 | docx |