What are the abuse.ch Real Time Threat Intelligence Feeds?

With data provided by our trusted partner, abuse.ch, gain real-time access to rich threat metadata via six intelligence feeds. Each data feed has a different threat focus and output:

  • URLhaus - providing URLs being used for malware distribution;

  • MalwareBazaar - focussed on sharing confirmed malware samples;

  • ThreatFox - sharing indicators of compromise (IOCs) associated with malware;

  • YARAify - a large repository of YARA rules;

  • Feodo Tracker - sharing botnet C&C infrastructure associated with major malware threats that facilitate ransomware attacks;

  • Sandnet - providing signals from malware samples collected and executed in a controlled environment.

Leveraging the collective capabilities of a large, experienced and thriving malware community, these Feeds provide a rich source of actionable data signals on cyber threats.

This data is relevant for SOCs, SIEMs, information security teams and threat researchers, whether at anti-virus vendors, threat intelligence providers, commercial enterprises, internet service providers, law enforcement, government entities, CERTs or domain registrars/registries.

Use this data to help strengthen threat investigations, threat detections, vulnerability management and help prevent data breaches. Enrich research, improve risk scoring and gain additional context, specific to your environment.