Threat Feed: Abuse.ch SSL Blocklist

By ingesting data from SSL Blocklist, Blumira’s platform uses the latest threat intelligence information to help you quickly detect and block malicious SSL connections and malware botnet communications.

Threat Intelligence Feed: Abuse.ch SSLBL

Abuse.ch helps internet service providers and network operations protect their infrastructure from malware.

One of their projects is the SSL Blocklist (SSLBL). It detects malicious SSL connections. This is done based on identifying and blocklisting SSL certificates used by botnet C&C servers. SSLBL intends to help network administrators and security analysts protect their network and customers from botnets. Learn more about their different blocklists.

What is a botnet? A botnet is a term used to refer to a group of internet-connected devices running a bot, performing repetitive tasks. In infosec, botnet refers to devices or computers infected by malware and controlled by malicious actors. They're often used to launch Distributed Denial-of-Service (DDoS) attacks to overload servers, send spam and steal data.

Botnets talk to command-and-control (C&C) servers that are controlled by an attacker to communicate, send commands to infected devices or systems, as well as to exfiltrate and receive stolen data.

SSL certificates allow for secure connections from a web server to a browser. The SSL Blocklist provides a number of different elements to identify and blocked malicious servers, such as SHA1 fingerprints, IP addresses that run blocked SSL certs, rulesets that detect and/or block network connections, etc.