An aggregation of crowdsourced intelligence and commercial-grade malware data. Users gain highly relevant and timely signals from a global hunting community, with added reliability and support, to provide a diverse, real-time data enrichment source.
Solutions
Data
Email & Network
Cyber Threat Intelligence
Resources
About
The
Spamhaus-abuse.ch
Alliance
We have strength in unity; as mission-led, independent organizations, the Spamhaus and abuse.ch Alliance promotes community-driven intelligence to drive change and improve Internet safety with robust and reliable reputation data.
Bonded by
a focus
on impact
Spamhaus and abuse.ch have worked closely together for over a decade. We share core values, an aligned mission and purpose, and are deeply passionate about making a positive impact on Internet abuse over commercial bias.
With a deep-rooted mutual trust, our formalized Alliance provides the largest, independently crowdsourced intelligence of tracked malware and botnets to the industry. The Spamhaus-abuse.ch Alliance works to produce robust data that supports billions of users globally, including law enforcement, analysts, defenders, and solution providers alike.
Commercial-grade malware Indicators
Faster Detections
Crowdsourcing is the Power of Many - indicators shared by a global force for earlier detection, identification and confirmation of patterns, clusters, and anomalies, reducing time-to-response. Detections can be shared before an official AV signature or CVE record exists.
Holistic view of malware
Gain visibility of where malware distribution is taking place, what malware is being distributed, what associated IoCs there are, and detect related activities to expand your hunt, identify trends and track developments
In numbers
5,000,000
Malware-related URLs and IOCs to hunt and pivot from.
950,000
Malware samples available to download.
15,000
Strong user community sharing malware-focused data.
Datasets
Spamhaus-abuse.ch Data
Datasets
Access the Data
Datasets
Datasets
Access the Data
Malware IoCs
Contextual Data
Retrieve IP addresses, domains, URLs, and file hashes linked to malware activities. Gain crucial context with confidence levels, first/last seen timestamps, threat type , reporter, and sightings - indicating trustworthiness, relevance over time, nature of the threat, source legitimacy, and frequency of observation.
Access Methods
Malware URLs
Contextual Data
Tracked URLs that are being used for malware distribution. Access real-time contextual details, including associated payloads, tags, malware families, and whether the URL status is offline or online, to hunt with and better understand adversarial TTPs.
Access Methods
Malware Samples
Contextual Data
A vast, continuously updated collection of malicious files enriched with metadata, offering a high-fidelity view of the evolving threat landscape for security analysis and research needs. Samples available to download.
Access Methods
YARA Scan Results
Contextual Data
Metadata based on millions of suspicious malware sample scans. Enhance your retroactive or active hunting capabilities by matching known malware patterns, automating malware classification, and improving detection accuracy with this large, community-driven signal repository.
Access Methods
Malicious file telemetry
Contextual Data
A non-public platform that executes malware samples in a controlled environment to collect the associated signals and metadata - before and during the execution. This data is only available via the Real Time Intelligence Feed.
Access Methods
abuse.ch API
With dedicated focus on technical malware data and enriched IOCs, hunters, analysts and reverse malware engineers get clear, in-depth insight to act more efficiently. Access different perspectives of malware from a single source, with valuable data points to pivot from, ready-to-go YARA rules to expand or validate your hunt, and malware samples to dive deeper.
Please note: Separate APIs are available to access botnet C2 insight, with corresponding metadata, and Passive DNS data to gain historical records of DNS resolution data.
abuse.ch Real-Time Feeds
Leveraging the collective capabilities of a large, experienced and thriving malware community, these threat intelligence feeds provide a rich source of actionable data focussed on IOCs. This subscription also offers exclusive access to raw connection data through controlled malware detonation by abuse.ch, with the Sandnet feed.
Related Solutions
Cyber Threat Intelligence
High-impact threat data from a globally diverse, knowledge-rich community. Access enriched malware indicators, with enterprise-grade reliability and scale, to hunt and track with clarity and confidence.
Threat Hunting
Improve detection fidelity with data solely concentrated on malware-focused intrusions to drive hunting hypotheses, understand trends and correlations, and prioritize investigation paths.
Threat Intelligence Enrichment
Increase detection rates and enrich alerting context with malware signals that will help you uncover and address attack behaviour faster.
I'm hugely excited about this Alliance. In Spamhaus, we have found a partner that aligns with our values and mission. A partner that will make us sustainable and expand the incredible abuse.ch contributor community, to assist in making the Internet a safer place.
Roman Hüssy
Founder, abuse.ch
Get in touch with questions about abuse.ch
Spamhaus is committed to protecting and respecting your privacy. We’ll only use your personal information to respond to your enquiry, manage any accounts you may set-up, and to provide the products and services you request from us. From time to time, we would like to contact you about our products and services, as well as other security related content that may be of interest to you. If you consent to us contacting you for this purpose, please tick the box below.
You can unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.
By clicking submit below, you consent to allow Spamhaus to store and process the personal information submitted above to provide you the content requested.
I agree to receive other communications from Spamhaus.