A flagship initiative by AMTSO, the organization's threat intel sharing platform sets the standard for malware sharing and early threat detection with industry-leading visibility and high-quality data
SAN FRANCISCO, CALIFORNIA / ACCESS Newswire / April 29, 2025 / AMTSO, the cybersecurity industry's testing standard community, today announced new milestones for its threat intel sharing platform, the Real-Time Threat List (RTTL). With contributions now averaging over 75,000 new samples per month, the platform has firmly established itself as a cornerstone of the global threat intelligence ecosystem.
"RTTL is a vital resource for the cybersecurity community," said Alexander Vukcevic, CTO of AMTSO. "It provides a centralized platform for the submission and sharing of malware samples and threat intelligence. With its robust features, extensive contributor network, and comprehensive sandbox integration, RTTL plays a crucial role in enhancing the quality and objectivity of anti-malware testing methodologies."
The threat intel sharing platform now processes:
~75,000 new samples submitted monthly, including a significant volume from national and regional CERT bodies.
~90% of submitted samples that are verified as malicious*, ensuring high-quality threat intelligence.
~30% of new threats that appear in RTTL before any other source*, showcasing RTTL's role in early detection and proactive defense.
This positions RTTL not just as a data-sharing platform, but as a key threat intelligence hub, often the first to detect emerging cyber threats.
Through strict quality control, including outreach to contributors of low-value samples, RTTL maintains a high integrity threshold. All AMTSO members are encouraged to contribute at least 200 malicious samples per day to gain full access to the feed, including unique CERT and independent researcher submissions. Non-members, such as CERTs, can also contribute without cost, making RTTL an accessible and valuable resource across the cybersecurity landscape.
RTTL's infrastructure includes:
Advanced sandbox integration capable of analyzing up to 5,000 samples per month, with optional expansion.
A GDPR-compliant, high-fidelity sandbox environment delivering detailed JSON reports on file behavior, MITRE tactics, and more.
A comprehensive and secure API suite (v4.0) for file/URL submission, sample search, downloads, and metadata access.
Developed and operated by AMTSO, the organization's Threat Intel Sharing Platform is a collaborative platform connecting security vendors, test labs, certification bodies, CERT organizations, and independent researchers. Its mission is to support the timely and objective sharing of real-world malware data, enabling more accurate and relevant antimalware testing. Testers can access not only vendor-submitted samples but also unique contributions from CERTs and independent researchers - ensuring broad and realistic threat coverage. RTTL also provides a centralized channel for non-member organizations to share threat data with the wider security industry.
With continuous improvements, driven by community feedback, RTTL incorporates machine learning, automation tools, and new analysis capabilities to stay ahead of the evolving threat landscape.
Organizations and individual researchers can sign up here: https://www.amtso.org/rttl/
*numbers based on AMTSO member telemetry.
Contact Information
Marina Ziegler
CMO, AMTSO
pr@amtso.org
SOURCE: AMTSO
