top-header-bg-left
Sample and Threat Intel Sharing System for AMTSO members and more
top-header-bg-right

The Real-Time Threat List is AMTSO’s main sample and threat-intel sharing system, designed to support test labs and certifications as well as to facilitate sharing of intelligence between and to our members.

Non-members who regularly find or track malware, such as CERTs, can use the system as a single point of contact to share samples and other information to the wider security industry. Non-member security firms can also sign up to contribute samples and data, and may be granted limited download access depending on the policies of other contributors.

AMTSO members not yet signed up to the system can do so via the AMTSO member website.

The Real-Time Threat List (RTTL) is a repository of malware samples collected by security companies, test labs, and other experts from around the world. 

The repository is managed, maintained and secured by the Anti-Malware Testing Standards Organization (AMTSO).

Anti-malware and general cybersecurity companies, testing labs, CERTs, and other anti-malware experts from around the world submit verified and significant samples to the RTTL, with attached metadata such as prevalence information and details of the distribution and source of the malware.

Full RTTL access is restricted to AMTSO members. To find out more about the benefits of membership, check out our joining page. If you’re already a member, you can apply for access using the form on our member website.

Limited access is granted to recognized non-member security companies, and also to other bodies such as CERTs wishing to distributed malware they discover to the wider security industry via a single point of contact. In some circumstances limited access may be granted to academics carrying out relevant research.

The granular access control system within RTTL grants all contributors control over who has access to the samples they submit to the system, defaulting to AMTSO members only, so the exact level of access available to non-member participants depends on approval from other participants.

To find out more about getting access, please contact [email protected], or simply complete the application form below. Note that participation requires approval of the RTTL Licensing Agreement.

As new malware emerges at an ever-increasing rate, the RTTL system was designed to provide testers of anti-malware solutions with a repository of the latest malware and related metadata that they can use to validate anti-malware products in real-time. 

The system also allows efficient provision of malware samples between AMTSO’s global community of members and partners.

AMTSO Tester members can apply for access to a unique daily quota of samples from the RTTL system, with wider access granted after 24 hours. This ensures that testers have access to samples not widely distributed to the vendors they are testing during this window. 

These sample sets are primarily used for validation and certification testing. Data from the system can also be used in sample validation processes, and in designing sample sets representative of specific regions, time frames, and other sub-categories.

Security companies make use of the sample feeds to ensure their solutions remain current, particularly the feeds coming from CERTs and other smaller research bodies.

Academics researching or analyzing trends in the anti-malware industry can also apply to use the RTTL as a rich data source.

AMTSO also operates ThreatList, a separate but related sample-sharing system designed to replace the long-standing WildList previously used by many testing organizations. ThreatList shares many of the features of the RTTL, but is unlinked to AMTSO membership. You can find out more about the ThreatList system here.

To find out more about getting access to RTTL system, please contact [email protected], or simply complete the application form below. Note that participation requires approval of the RTTL Licensing Agreement.

Want to know about ThreatList, Industry-wide sample and threat intel sharing system?