Contact us – abuse.ch

To make a submission to abuse.ch, you will need to authenticate using this platform https://auth.abuse.ch/.

Full details on the process for submissions are detailed below:

• Malware samples to MalwareBazaar: https://bazaar.abuse.ch/upload/
• Malware URLs to URLhaus: https://urlhaus.abuse.ch/
• Indicators of compromise (IOCs) to ThreatFox: https://threatfox.abuse.ch/share/
• Deploy YARA rules via YARAify:https://yaraify.abuse.ch/yarahub/

Each of abuse.ch’s platforms has its submission policy, detailed below. If your submissions are outside the policy, your access to submit data will be revoked.

• URLhaus (malware URLs): https://urlhaus.abuse.ch/api/#policy
• MalwareBazaar (confirmed malware files): https://bazaar.abuse.ch/api/#policy
• ThreatFox (confirmed indicators of compromise): https://threatfox.abuse.ch/faq/#policy

If you believe a listing may be a false positive or should be removed from the URLhaus database, you can report this to abuse.ch in the URLhaus web interface.

Please follow the below steps:

1. Search for the URL or Domain here: https://urlhaus.abuse.ch/browse/
2. Select the entry.
3. Select the “Actions” dropdown.
4. Select “Report a False Positive”.

If you are blocked from making submissions via any of abuse.ch’s platforms, you have likely violated the relevant submission policy. All policies are detailed below:

• URLhaus (malware URLs only): https://urlhaus.abuse.ch/api/#policy
• MalwareBazaar (confirmed malware files only): https://bazaar.abuse.ch/api/#policy
• ThreatFox (confirmed indicators of compromise only): https://threatfox.abuse.ch/faq/#policy

To reinstate access, please get in touch with abuse.ch using the above form, confirming you have read and agreed to the applicable policy.

MalwareBazaar only tracks malware samples. No adware (PUA/PUP). No benign files. Samples older than 10 days, PUAs/PUPs and benign files should not be uploaded to the repository.

There are some mechanisms in place to flag PUA/PUP files, where files are reviewed and removed manually by the admin. However, it is important to note that there is no automatic enforcement of the PUA/PUP policy.

Submission vetting is manual and relies on researchers and users reporting such submissions. Where unacceptable files are reported by the community, files are removed promptly, and the responsible user banned.

A file can only be present once on MalwareBazaar, therefore it is not technically possible to upload two copies of the same sample.

No, tags are not included in the MalwareBazaar historical malware sample data (full.csv).