Abuse.ch URLhaus

By Maltego Technologies

Identify malicious URLs and explore underlying malware activity.

# Infrastructure & Network Information # Malware # Incident Response # Threat Hunting

Abuse.ch URLhaus Transforms for Maltego

Abuse.ch is a research project at the Institute for Cybersecurity and Engineering ICE hosted at the Bern University of Applied Sciences (BFH) in Switzerland. The project’s main goal is to identify and track cyber threats, with a strong focus on malware and botnets. They publish actionable open source threat intelligence as well as develop and operate platforms for IT security researchers and experts enabling them to shares relevant threat intel data with the community.

URLhaus is a project operated by Abuse.ch to share intelligence on malicious URLs that are being used for malware distribution. The community-driven project collects, tracks, and shares malware URLs, helping network administrators and security analysts to protect their network and customers from cyber threats.

With Abuse.ch Transforms, investigators can identify malicious URLs and domains, explore their connections and the underlying malware.

Typical Users of Abuse.ch Data

Threat Intelligence Teams
SOC Teams
CERTs
Cyber Analyst

Enrich Exisiting Threat Intelligence

Enrich your Entities with additional information from their URLhaus database. Check whether one of your Entities is currently part of a blacklist.

Gain Comprehensive Insights

Combine disparate data sources, pivot off from or to URLhaus data sets from other data entities and sources available on the Maltego Transform Hub.

Get Payload And Payload Details

Get the payload (malware file) associated with specific URLs or Hashes. Pivot from payloads to other Entities such as md5 and sha256 Hashes, Host, Signature, URLs, tags, and Reporter Details.

Malware Analysis

Gather information on Entities such as Domains, URLs, DNS Names, IPv4 Addresses and Hashes in malware investigations.

Incident Response

Investigators spend a lot of time searching for IOC’s. Abuse.ch makes threat intelligence easily accessible for everyone for free, and without the need of a registration on a platform.

Pricing & Access

Community Hub

Users with Maltego Community Edition.

Click-and-Run (CE)

Simply install the Abuse.ch URLhaus Hub item directly on the Maltego Desktop Client and start exploring the data right away.

Commercial Hub

Users with a Maltego One license.

Click-and-Run

Simply install the Abuse.ch URLhaus Hub item directly on the Maltego Desktop Client and start exploring the data right away.

Resources

Articles

Identify and Understand Malware with Maltego and Abuse.ch URLhaus

Articles

Automate Investigations with Maltego Machines – Part 2: Our New Cybersec & SOCMINT Machines

Technical Docs

Technical Documentation for Abuse.ch URLhaus Transforms

Contact

Reach out to us to learn more about this data integration and how to access it.

I'm interested in *

Message *

First Name*

Last Name*

COMPANY EMAIL*

Are you an active Maltego user? *

Organization Name *

Industry type *

I am a *

Organization size *

Focus of Your Business Unit *

Main Use Cases*

I would like to receive updates about Maltego products, events and offers.

By clicking on "Send Message", you agree to the processing of the data you entered and you allow us to contact you for the purpose selected in the form. For further information, see our Data Privacy Policy.

About Abuse.ch

Abuse.ch is a research project at the Institute for Cybersecurity and Engineering ICE hosted at the Bern University of Applied Sciences (BFH) in Switzerland. The project’s main goal is to identify and track cyber threats, with a strong focus on malware and botnets. They not only publish actionable open source threat intelligence but also develop and operate platforms for IT security researchers and experts enabling them to share relevant threat intel data with the community

For more information, visit: https://abuse.ch/.