abuse.ch
151.101.66.49  Public Scan

Submitted URL: http://www.abuse.ch/?p=5362
Effective URL: https://abuse.ch/?p=5362
Submission: On July 12 via api from MX — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content



FIGHTING MALWARE AND BOTNETS

abuse.ch is a research project at the Bern University of Applied Sciences (BFH).
It is the home of a couple of projects that help internet service providers and
network operators protect their infrastructure from malware. IT security
researchers, vendors and law enforcement agencies rely on data from abuse.ch,
trying to make the internet a safer place.



OUR MISSION

abuse.ch is a research project at the Institute for Cybersecurity and
Engineering ICE hosted at the Bern University of Applied Sciences (BFH) in
Switzerland. It was initially based on a private initiative of a random Swiss
guy that wanted to fight cyber crime for the good of the internet. Today, the
project fully relies on donations to cover infrastructure costs and pay salaries.

The project's main goal is to identify and track cyber threats, with a strong
focus on malware and botnets. Being a non-profit project, we not only publish
actionable open source threat intelligence but also develop and operate
platforms for IT security researchers and experts, enabling them to share
relevant threat intel data with the community.

Today, data from abuse.ch is already integrated in many commercial and open
source security products. Vendors of security software and services rely on our
data to protect their customers. But it doesn't stop there: organizations,
internet service providers (ISPs), law enforcement and government entities
consume data from abuse.ch to fight cyber threats targeting their constituency.

Public services and platforms abuse.ch operates:

 * Sharing malware samples with the community, AV vendors and threat
   intelligence providers
 * Tracking botnet C&C infrastructure associated with Emotet, Dridex and
   TrickBot
 * Collecting and providing a blocklist for malicious SSL certificates and
   JA3/JA3s fingerprints
 * Sharing malware distribution sites with the community, AV vendors and threat
   intelligence providers
 * Sharing indicators of compromise (IOCs) with the community and threat
   intelligence providers






BLOG


INTRODUCING YARAIFY

Published on 13th June 2022, 11:23:48 UTC

About a year ago, we launched ThreatFox - a community-driven platform to
share indicators of compromise (IOCs). Today, I'm very excited to announce the
launch of our most recent project: YARAify! YARAify is your central hub for
scanning and hunting files using YARA.



ABUSE.CH GETS A NEW HOME AT BFH

Published on 1st June 2021, 07:25:31 UTC

In October 2020, I described the challenges I'm facing with operating
abuse.ch as a non-profit project. I also drew up a plan for the future of
abuse.ch, which was to collect sufficient funds to turn abuse.ch into a research
project. Today, I'm very excited to announce that the fundraising was
successful and that as of April 15th 2021, abuse.ch became a research project at
the Institute for Cybersecurity and Engineering ICE hosted at the Bern
University of Applied Sciences (BFH) in Switzerland.



INTRODUCING THREATFOX

Published on 8th March 2021, 12:41:55 UTC

In 2018, I launched URLhaus - a platform where security researchers and
threat analysts can share malware distribution sites with the community. A year
ago, in March 2020, the launch of MalwareBazaar enabled the community to share
malware samples with others and hunt for such by e.g. using YARA rules. The goal
of abuse.ch always was to make threat intelligence easily accessible for
everyone - for free, and without the need for registration on a platform.



MOVING FORWARD

Published on 26th October 2020, 13:45:09 UTC

13 years ago, I started to look at malware samples in my spare time that
occasionally hit my personal mailbox. I've decided to document my findings in a
blog, and abuse.ch was born. In the same year, ZeuS (aka Zbot) appeared. Sold on
the dark web, it quickly became one of the most popular crimeware kits for cyber
criminals to commit ebanking fraud and identity theft. Due to the rise of ZeuS
in 2008/2009, I decided to create my first project: ZeuS Tracker.



INTRODUCING MALWAREBAZAAR

Published on 17th March 2020, 12:29:31 UTC

Almost two years ago, I launched URLhaus with the goal of collecting malware
distribution sites. With more than 300,000 malware distribution sites tracked,
the project still is a great success. However, over the past weeks, I've been
focusing my efforts on a new project. And here it is: MalwareBazaar!
MalwareBazaar collects known malicious malware samples, enriches them with
additional intelligence and provides them back to the community - for free!



USING URLHAUS AS A RESPONSE POLICY ZONE (RPZ)

Published on 14th June 2019, 09:46:12 UTC

A few days ago, URLhaus cracked 200,000 malware URLs tracked. The majority of
the malware sites tracked by URLhaus are related to Emotet (aka Heodo), followed
by Mirai, Gafgyt and Gozi ISFB (aka Ursnif). But there are many other threats
being tracked with the help of the infosec community. There are several ways to
utilize the data generated by the community to protect your network and users.
This blog post is a short tutorial on how to use URLhaus as a DNS Response
Policy Zone (RPZ).

What is RPZ? RPZ is a way to rewrite or block responses to DNS queries. It is
sometimes also referred to as DNS Firewall, as it allows system administrators
to block access to certain domain names.



STATISTICS


MOST SEEN MALWARE

#    Malware
1    Emotet
2    SilentBuilder
3    CoinMiner
4    Worm.Vobfus
5    Downloader.Upatre
6    RedLineStealer
7    Ganelp
8    AgentTesla
9    njrat
10   Quakbot



ANALYSED FILE TYPES

Malware Samples   File Type
40576             exe
1270              dll
1002              xlsx
824               xls
396               doc
333               docx
247               xlsm
146               rtf
81                xlsb
11                jar



PROCESSED MALWARE SAMPLES PER DAY

[Chart: number of analysed malware samples per day, 2022-06-12 to 2022-07-11]

Date         Number of analysed malware samples
2022-06-12   18,478
2022-06-13   18,517
2022-06-14   18,300
2022-06-15   18,244
2022-06-16   18,179
2022-06-17   18,172
2022-06-18   18,026
2022-06-19   18,380
2022-06-20   18,701
2022-06-21   20,617
2022-06-22   21,841
2022-06-23   21,885
2022-06-24   23,037
2022-06-25   22,696
2022-06-26   23,049
2022-06-27   22,415
2022-06-28   21,941
2022-06-29   21,784
2022-06-30   22,164
2022-07-01   21,885
2022-07-02   21,372
2022-07-03   21,533
2022-07-04   21,476
2022-07-05   21,148
2022-07-06   21,127
2022-07-07   21,074
2022-07-08   20,557
2022-07-09   11,019
2022-07-10   33,720
2022-07-11   22,823



SPAM STATISTICS

[Chart: spam mails per day, 2022-06-12 to 2022-07-11]

Date         Spam mails
2022-06-12   28,979
2022-06-13   32,735
2022-06-14   41,959
2022-06-15   41,406
2022-06-16   38,093
2022-06-17   36,497
2022-06-18   25,205
2022-06-19   25,841
2022-06-20   37,643
2022-06-21   40,810
2022-06-22   26,455
2022-06-23   32,748
2022-06-24   37,420
2022-06-25   30,731
2022-06-26   35,804
2022-06-27   42,499
2022-06-28   43,788
2022-06-29   46,284
2022-06-30   41,137
2022-07-01   42,102
2022-07-02   35,198
2022-07-03   32,191
2022-07-04   45,882
2022-07-05   43,811
2022-07-06   43,529
2022-07-07   38,879
2022-07-08   29,126
2022-07-09   23,304
2022-07-10   28,994
2022-07-11   28,644


coSntacPtAmeM@abuse.ch
(remove all capital letters)

© Copyright 2021 by abuse.ch