Abuse.ch URLhaus

By Maltego Technologies
Identify malicious URLs and explore underlying malware activity.
# Infrastructure & Network Information # Malware # Incident Response # Threat Hunting
Abuse.ch URLhaus Transforms for Maltego

Abuse.ch URLhaus Transforms for Maltego

Abuse.ch is a research project at the Institute for Cybersecurity and Engineering ICE hosted at the Bern University of Applied Sciences (BFH) in Switzerland. The project’s main goal is to identify and track cyber threats, with a strong focus on malware and botnets. They publish actionable open source threat intelligence as well as develop and operate platforms for IT security researchers and experts enabling them to shares relevant threat intel data with the community.

URLhaus is a project operated by Abuse.ch to share intelligence on malicious URLs that are being used for malware distribution. The community-driven project collects, tracks, and shares malware URLs, helping network administrators and security analysts to protect their network and customers from cyber threats.

With Abuse.ch Transforms, investigators can identify malicious URLs and domains, explore their connections and the underlying malware.

Abuse.ch URLhaus data in Maltego

Typical Users of Abuse.ch Data

  • Threat Intelligence Teams
  • SOC Teams
  • CERTs
  • Cyber Analyst

Integration Benefits

Enrich Exisiting Threat Intelligence

Enrich your Entities with additional information from their URLhaus database. Check whether one of your Entities is currently part of a blacklist.

Gain Comprehensive Insights

Combine disparate data sources, pivot off from or to URLhaus data sets from other data entities and sources available on the Maltego Transform Hub.

Get Payload And Payload Details

Get the payload (malware file) associated with specific URLs or Hashes. Pivot from payloads to other Entities such as md5 and sha256 Hashes, Host, Signature, URLs, tags, and Reporter Details.

Leverage Abuse.ch URLhaus Data for

Malware Analysis

Gather information on Entities such as Domains, URLs, DNS Names, IPv4 Addresses and Hashes in malware investigations.

Incident Response

Investigators spend a lot of time searching for IOC’s. Abuse.ch makes threat intelligence easily accessible for everyone for free, and without the need of a registration on a platform.
Read more

Pricing & Access

Community Hub
Users with Maltego Community Edition.
Click-and-Run (CE)
Simply install the Abuse.ch URLhaus Hub item directly on the Maltego Desktop Client and start exploring the data right away.
Commercial Hub
Users with a Maltego One license.
Click-and-Run
Simply install the Abuse.ch URLhaus Hub item directly on the Maltego Desktop Client and start exploring the data right away.

Resources

Articles

Identify and Understand Malware with Maltego and Abuse.ch URLhaus

Articles

Automate Investigations with Maltego Machines – Part 2: Our New Cybersec & SOCMINT Machines

Technical Docs

Technical Documentation for Abuse.ch URLhaus Transforms

Ask us about the Data sources

By clicking on "Send Message", you agree to the processing of the data you entered and you allow us to contact you for the purpose selected in the form. For further information, see our Data Privacy Policy.

About Abuse.ch

Abuse.ch is a research project at the Institute for Cybersecurity and Engineering ICE hosted at the Bern University of Applied Sciences (BFH) in Switzerland. The project’s main goal is to identify and track cyber threats, with a strong focus on malware and botnets. They not only publish actionable open source threat intelligence but also develop and operate platforms for IT security researchers and experts enabling them to share relevant threat intel data with the community

For more information, visit: https://abuse.ch/.