Abuse.ch URLhaus

By Maltego Technologies

Identify malicious URLs and explore underlying malware activity.

# Infrastructure & Network Information # Malware # Incident Response # Threat Hunting

Abuse.ch URLhaus Transforms for Maltego

Abuse.ch is a research project at the Institute for Cybersecurity and Engineering ICE hosted at the Bern University of Applied Sciences (BFH) in Switzerland. The project’s main goal is to identify and track cyber threats, with a strong focus on malware and botnets. They publish actionable open source threat intelligence as well as develop and operate platforms for IT security researchers and experts enabling them to shares relevant threat intel data with the community.

URLhaus is a project operated by Abuse.ch to share intelligence on malicious URLs that are being used for malware distribution. The community-driven project collects, tracks, and shares malware URLs, helping network administrators and security analysts to protect their network and customers from cyber threats.

With Abuse.ch Transforms, investigators can identify malicious URLs and domains, explore their connections and the underlying malware.

Typical Users of Abuse.ch Data

Threat Intelligence Teams
SOC Teams
CERTs
Cyber Analyst

Enrich Exisiting Threat Intelligence

Enrich your Entities with additional information from their URLhaus database. Check whether one of your Entities is currently part of a blacklist.

Gain Comprehensive Insights

Combine disparate data sources, pivot off from or to URLhaus data sets from other data entities and sources available on the Maltego Transform Hub.

Get Payload And Payload Details

Get the payload (malware file) associated with specific URLs or Hashes. Pivot from payloads to other Entities such as md5 and sha256 Hashes, Host, Signature, URLs, tags, and Reporter Details.

Malware Analysis

Gather information on Entities such as Domains, URLs, DNS Names, IPv4 Addresses and Hashes in malware investigations.

Incident Response

Investigators spend a lot of time searching for IOC’s. Abuse.ch makes threat intelligence easily accessible for everyone for free, and without the need of a registration on a platform.

Resources

Articles

Identify and Understand Malware with Maltego and Abuse.ch URLhaus

Articles

Automate Investigations with Maltego Machines – Part 2: Our New Cybersec & SOCMINT Machines

Technical Docs

Technical Documentation for Abuse.ch URLhaus Transforms

About Abuse.ch

Abuse.ch is a research project at the Institute for Cybersecurity and Engineering ICE hosted at the Bern University of Applied Sciences (BFH) in Switzerland. The project’s main goal is to identify and track cyber threats, with a strong focus on malware and botnets. They not only publish actionable open source threat intelligence but also develop and operate platforms for IT security researchers and experts enabling them to share relevant threat intel data with the community

For more information, visit: https://abuse.ch/.