CONTACT AMTSO
top-header-bg-left
  • Real Time Threat List (RTTL)

Frequently Asked Questions

top-header-bg-right
What is the RTTL?

The Real-Time Threat List (RTTL) is a repository of malware samples collected by security companies, test labs, and other experts from around the world. 

The repository is managed, maintained and secured by the Anti-Malware Testing Standards Organization (AMTSO).

Who submits samples to the RTTL?

Anti-malware and general cybersecurity companies, testing labs, CERTs, and other anti-malware experts from around the world submit verified and significant samples to the RTTL, with attached metadata such as prevalence information and details of the distribution and source of the malware.

How can I access the RTTL?

Full RTTL access is restricted to AMTSO members. To find out more about the benefits of membership, check out our joining page

Limited access is granted to recognized non-member security companies, and also to other bodies such as CERTs wishing to distributed malware they discover to the wider security industry via a single point of contact. In some circumstances limited access may be granted to academics carrying out relevant research. 

To find out more about getting access, please contact [email protected].

Why is there a need for the RTTL?

As new malware emerges at an ever-increasing rate, the RTTL system was designed to provide testers of anti-malware solutions with a repository of the latest malware and related metadata that they can use to validate anti-malware products in real-time. 

The system also allows efficient provision of malware samples between AMTSO’s global community of members and partners.

Who uses the samples from RTTL?

AMTSO Tester members can apply for access to a unique daily quota of samples from the RTTL system, with wider access granted after 24 hours. These sample sets are used for validation and certification testing. Data from the system can also be used in sample validation processes, and in designing sample sets representative of specific regions, time frames, and other sub-categories.

Security companies make use of the sample feeds to ensure their solutions remain current, particularly the feeds coming from CERTs and other smaller research bodies.

Academics researching or analyzing trends in the anti-malware industry can also use the RTTL as a rich data source.

Want to know more about RTTL access?
Contact us, or fill out the application form.