Find monthly malware trends from Spamhaus Project, giving you insight into observed malware campaigns.
The Malware Digest
January saw a 173% increase in new malware sites hosted in India, with a welcome 41% decrease in the US. Mirai is back as the most common malware with 851 samples shared, and there are now 19,292 YARA rules available for hunting on YARAify! Read the full report.
All malware digests
Published 7 Feb 2024
January saw a 173% increase in new malware sites hosted in India, with a welcome 41% decrease in the US. Mirai is the most common malware with 851 samples shared, and there are now 19,292 YARA rules available for hunting on YARAify!
Published 9 Jan 2024
URLHaus experienced a surge in new malware sites hosted across the APAC region, including China (360%), Singapore (265%) and Taiwan (103%). Whilst new entrant Sock5Systemz is #1 for samples shared - find out more in December's malware report.
Published 5 Dec 2023
This month saw an increase in active malware distribution sites across Central Europe. New October entrant ShadowPad dominated the ThreatFox Top 15s with a +459.82% increase. Meanwhile, YARAify scanned over 8 million distinct files!
Published 3 Nov 2023
October saw increases across 12 geolocations hosting new malware sites, most significantly India (181.82%) but the US is back at number one. Meanwhile, Cobalt Strike was associated with the largest number of IOCs. Read the full report here.
Published 6 Oct 2023
We saw the rise of the RATS this month, with NJRAT (+2129.56%) and RemcosRAT (+1392.49%) experiencing staggering increases, as well as new entrants AsyncRAT, QuasarRAT and BitRAT - find out more in September's malware report.
Published 6 Sept 2023
August saw an increase in new malware sites hosted in The Netherlands (284%) and Singapore (220%). Whilst, Mirai appear is making a come back - with an increase in distribution sites and malware samples shared.
Published 4 Aug 2023
This month saw a spike in new malware sites hosted in Bulgaria (almost 400%) and a welcomed 55% decrease (finally!) in the US. With new entrant DBatLoader contributing 22% of all IOCs shared via ThreatFox. Read the full report.
Published 6 Jul 2023
Another busy month for Qakbot - 61.4% of ALL malware sites shared on URLhaus and 4,150 IOCs shared on ThreatFox. Malware sites hosted in India is on the rise, with Indian network BSNL climbing to #1 host of malware distribution sites.
Published 6 Apr 2023
Together, Emotet and Qakbot were responsible for 38% of ALL malware sites shared on URLhaus, Mirai had the biggest growth across the board, and there are officially over 1 million IOCs shared on ThreatFox. Find the report here:
Published 3 Mar 2023
The U.S. experienced a 447% increase in the number of malware distribution sites it was hosting. Meanwhile, a familiar name returned with vengeance; Qakbot, which was associated with the largest number of IOCs.
Published 3 Feb 2023
January saw an increase in new malware sites hosted in Russia (almost 200%!) and decrease in the US by 95%. We also saw a big increase in compromised hosts spreading Mirai.
Published 5 Jan 2023
It was a busy month for Qakbot - ThreatFox saw 30,611 IOCs related to this malware threat. On the flip side, we are happy to celebrate 1k active hunting rules on MalwareBazaar!
Published 8 Dec 2022
Emotet is well and truly back! abuse.ch saw a 68% increase in Indicators of Compromise relating to this malware family - find more in November’s malware report.
Published 4 November 2022
Using data from abuse.ch's platforms, the report gives an overview of malware campaigns, with insights into malware distribution sites, samples, IOCs & YARA rules.
Published 6 October 2022
Using data from abuse.ch's platforms, the report gives an overview of malware campaigns, with insights into malware distribution sites, samples, IOCs & YARA rules.
Published 7 September 2022
Using data from abuse.ch's platforms, the report gives an overview of malware campaigns, with insights into malware distribution sites, samples, IOCs & YARA rules.
