Industry-wide sample and threat intel sharing

The ThreatList is a sample and threat-intelligence sharing system, hosted by AMTSO but available to approved participants both within and outside the AMTSO membership.

ThreatList has been created to fill the gap left by the termination of the WildList, a long-standing cross-industry collaboration project used by many test labs in certification testing and more. Previous WildList reporters were invited to participate in ThreatList at its foundation, and the system is now open to new contributors. 

ThreatList is managed by AMTSO volunteers under the guidance of the ThreatList Oversight Board, also volunteers elected from among the ThreatList community. Full details of the requirements for participation in ThreatList can be found in the Usage Guide.

ThreatList is operated alongside but fully separated from AMTSO’s own sample-sharing system, the Real-Time Threat List (RTTL).


ThreatList participation is open to any company, institution, organization, or individual willing and able to meet the requirements for participation laid out in the ThreatList License Agreement and Usage Guide, subject to adjustment from time to time by decision of the ThreatList Oversight Board.

Participation takes two main forms:

Reporters – registered and approved Reporters feed samples and metadata into the ThreatList system on a daily basis, and agree to maintain minimum levels of both quantity and quality of submissions. Reporters also review and verify submissions from other Reporters, challenging the inclusion of items they consider inappropriate for the ThreatList.

Beneficiaries – registered and approved Beneficiaries are granted access to the ThreatList system to pull down samples and metadata without the requirement to also submit their own samples or data. The main group qualifying for Beneficiary status are independent test labs working in the anti-malware space, but other forms of qualification may be considered on a case-by-case basis.

All participants are required to complete the form below, including formal approval of the ThreatList License Agreement. Applications are then subject to review by the ThreatList Oversight Board, and full participation will only be made available after initial approval and a trial period.