abuse.ch

Hey @ColoCrossing, what needs to be done to have you taking down these malware hosts? https://urlhaus.abuse.ch/asn/36352/  You already received abuse complaints for each of those by email on abuse{at}colocrossing[dot]com What is the reason for not acting on those reports? pic.twitter.com/dzSwjwvIee

Our malware sample feeds have moved to a new location, providing you additional (hourly) feeds and faster download URLhaus: https://datalake.abuse.ch/urlhaus/  MalwareBazaar: https://datalake.abuse.ch/malware-bazaar/  Special thanks to @threatray for funding the new infrastructure! pic.twitter.com/XuQqmR3x5S

Anyone else got mailbombed by krebsonsecurity .com last night? /cc @briankrebspic.twitter.com/j08L3VKFiN

We ask sponsoring domain registrars and registries to act up on such reports and neutralize the threat bad domains pose Should we believe that a registrar or registry neglects their duties or violates existing policies, we will engage with @ICANN to discuss further steps pic.twitter.com/twVteSbfBV

URLhaus adds more pressure on threat actors that are abusing the domain name space for distributing malware Today, we started to notify domain registrars and registries about domains that have been setup by threat actors for the sole purpose of distributing malware pic.twitter.com/7dXFgp982A

In one week of #QakBot botnet C2 tracking, Feodo Tracker has identified and blocked over 100 C2s It seems that there is occasionally also some overlapping between Emotet and QakBot C2s: https://feodotracker.abuse.ch/browse/host/120.150.218.241/ … Block QakBot/TrickBot/Dridex C2s: https://feodotracker.abuse.ch/downloads/ipblocklist_recommended.txt …pic.twitter.com/LiGgAT4Rnd

MalwareBazaar now integrates results from @filescan_itsec next-gen malware analysis platform! Sample report (NanoCore RAT): https://bazaar.abuse.ch/sample/a658919df3185802e1e73f94a5a18e3f42c8c8c7f9f48a11eac0274d4ede6a57/#intel …pic.twitter.com/8LWaZSNPNr

MetaMorfo malspam targeting latin amercian internet users lnk -> msi -> MetaMorfo Various geo cloaked payload URLs hosted on @awscloud LNK: https://bazaar.abuse.ch/sample/776134c134534d0dc096adc95eff7bf3e9f0a029436dd3e7e50438defe647762/ … Payload URLs: https://urlhaus.abuse.ch/browse.php?search=790909ebcaccbec6c7af481f9e9b6789a58b2ddf3a2de58da4b9b152d852ee07 … MSI: https://bazaar.abuse.ch/sample/790909ebcaccbec6c7af481f9e9b6789a58b2ddf3a2de58da4b9b152d852ee07/ …pic.twitter.com/AqUDcG94Xc

The major outage of Facebook, Instagram and WhatsApp apparently causes problems at DNS providers too as the corresponding apps are hammering their resolvers hard Facebook is down and the whole internet is having troubles Current service status @AdGuard DNS:pic.twitter.com/GYsd3VAuOK