Threat Intelligence: Abuse.ch


Often, we get lost on the internet searching for credible threat intelligence tools. Well, the Institute for Cybersecurity and Engineering at Berner Fachhochschule BFH in Switzerland came to the rescue of overwhelmed SOC analysts like us.

They developed a project, Abuse.ch (don’t worry, nothing abusive here! :P), to identify and track malware and botnets through several operational platforms developed under the project.

These platforms are:

1. MalwareBazaar:

A resource for sharing malware samples.

2. Feodo Tracker:

A resource used to track botnet command and control (C2) infrastructure linked with Emotet, Dridex and TrickBot.

3. SSL Blacklist:

A resource for collecting and providing a blocklist for malicious SSL certificates and JA3/JA3s fingerprints.

4. URLhaus:

A resource for sharing malware distribution sites.

5. ThreatFox:

A resource for sharing indicators of compromise (IOCs).
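As an added example (not code from Abuse.ch or from the original post), here is how a SOC analyst might match connection logs against a Feodo Tracker-style C2 list and an SSLBL-style JA3 list. The feed column names, the log format, and every host, IP and fingerprint below are constructed assumptions.

```python
import csv
import io

# Constructed sample in a Feodo Tracker-style CSV layout. The column names are
# an assumption; the IPs are documentation ranges, not real indicators.
C2_FEED = """\
# constructed sample feed
first_seen_utc,dst_ip,dst_port,malware
2024-01-01 00:00:00,203.0.113.10,443,Emotet
2024-01-02 00:00:00,198.51.100.7,8080,Dridex
"""
JA3_BAD, JA3_OK = "0" * 32, "f" * 32      # placeholder fingerprints
JA3_FEED = {JA3_BAD: "TrickBot"}          # constructed SSLBL-style JA3 list

# Constructed connection log: timestamp, host, dest IP, dest port, JA3.
CONN_LOG = "\n".join([
    f"2024-03-01T10:00:00Z ws-014 203.0.113.10 443 {JA3_OK}",
    f"2024-03-01T10:00:05Z ws-021 192.0.2.55 443 {JA3_BAD}",
    f"2024-03-01T10:00:09Z ws-014 192.0.2.80 443 {JA3_OK}",
    f"2024-03-01T10:00:12Z ws-030 198.51.100.7 443 {JA3_OK}",
    "truncated line",
])


def load_c2_feed(text):
    """Return {(ip, port): malware family}, skipping '#' comment lines."""
    rows = (ln for ln in io.StringIO(text) if not ln.startswith("#"))
    return {(r["dst_ip"], int(r["dst_port"])): r["malware"]
            for r in csv.DictReader(rows)}


def match_log(log_text, c2, ja3):
    """Yield (host, indicator type, indicator, family) for every hit."""
    c2_ips = {ip: family for (ip, _port), family in c2.items()}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit():
            continue  # malformed line: skip it instead of aborting the hunt
        _ts, host, ip, port, fp = parts
        if (ip, int(port)) in c2:
            yield host, "c2-ip-port", f"{ip}:{port}", c2[(ip, int(port))]
        elif ip in c2_ips:  # listed IP on another port: weaker, review it
            yield host, "c2-ip-only", ip, c2_ips[ip]
        if fp.lower() in ja3:
            yield host, "ja3", fp.lower(), ja3[fp.lower()]


HITS = list(match_log(CONN_LOG, load_c2_feed(C2_FEED), JA3_FEED))
```

An exact IP-and-port match is the strongest signal; an IP-only or JA3-only hit is a lead to triage, since shared hosting and common TLS stacks can produce false positives.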

Abuse.ch is a goldmine for threat hunters, SOC analysts, and cybersecurity researchers. Have you used it in your investigations?