Back Arrow Back to All Integrations

Threat Feed: Abuse.ch SSL Blacklist

Threat Feed: Abuse.ch SSL Blacklist

By ingesting data from SSL Blacklist, Blumira’s platform uses the latest threat intelligence information to help you quickly detect and block malicious SSL connections and malware botnet communications.

Threat Intelligence Feed: Abuse.ch SSLBL

Abuse.ch helps internet service providers and network operations protect their infrastructure from malware.

One of their projects is the SSL Blacklist (SSLBL). It detects malicious SSL connections. This is done based on identifying and blacklisting SSL certificates used by botnet C&C servers. SSLBL intends to help network administrators and security analysts protect their network and customers from botnets. Learn more about their different blacklists.

What is a botnet? A botnet is a term used to refer to a group of internet-connected devices running a bot, performing repetitive tasks. In infosec, botnet refers to devices or computers infected by malware and controlled by malicious actors. They’re often used to launch Distributed Denial-of-Service (DDoS) attacks to overload servers, send spam and steal data.

Botnets talk to command-and-control (C&C) servers that are controlled by an attacker to communicate, send commands to infected devices or systems, as well as to exfiltrate and receive stolen data.

SSL certificates allow for secure connections from a web server to a browser. The SSL Blacklist provides a number of different elements to identify and blacklist malicious servers, such as SHA1 fingerprints, IP addresses that run blacklisted SSL certs, rulesets that detect and/or block network connections, etc.