Malware samples - mostly commodity ones - observed in the wild from time to time.
Storing samples in this way just fits my workflow, if you are looking for a real Malware Zoo, well ... this is the wong place for you.
There are a bunch of great platforms and communities out there that are doing an amazing job ... Google is your friend ;)
Repository structure
# Single folder samples
(root) malware-type
|
\--> malware-family
|
\--> (gathering) date
|
\--> samples
# Multi stage samples
(root) malware-type
|
\--> malware-family
|
\--> (gathering) date
|
|--> 1st_stage
| |
| \--> samples
|
|--> 2nd_stage
| |
| \--> samples
|
|--> 3rd_stage
| |
| \--> samples
|
\--> N_stage
|
\--> samples
All samples are:
- 7z compressed
- password protected (with a common word used in the malware research sector for sharing samples)
You are looking for:
- A - small - inventorized set of malware families
- Download samples straightaway
- Test your sandbox / AV / NIDS / ETP / ? with already classified threats
- Binary diffing samples from the same family observed in a given timeframe (spotting unpacking config code?)
- Testing YARA / ClamAV ruless
- Multi stage payloads
- add here ...
Note: some samples might fall into multiple categories, but just one is chosen and used in the table.
| Family | Type | Link |
|---|---|---|
| hawkeye | keylogger | samples |
| avemaria | rat | samples |
| xperrat | rat | samples |
| njrat | rat | samples |
| adwind | rat | samples |
| netwire | rat | samples |
| flawedammyy | rat | samples |
| imminentrat | rat | samples |
| nanocorerat | rat | samples |
| backnet | rat | samples |
| remcosrat | rat | samples |
| tvrat | rat | samples |
| azorult | stealer | samples |
| lokibot | stealer | samples |
| kpot | stealer | samples |
| predator | stealer | samples |
| formbook | stealer | samples |
| arkei | stealer | samples |
| gandcrab | ransomware | samples |
| mylobot | downloader-dropper | samples |
| artra | downloader-dropper | samples |
| amadey | downloader-dropper | samples |
| kardonstealer | downloader-dropper | samples |
| ascentorloader | downloader-dropper | samples |
| agenttesla | spyware | samples |
| gootkit | banker | samples |
| danabot | banker | samples |
| ramnit | banker | samples |
| nymaim | banker | samples |
| cypherit | crypter | samples |
- All files in this repository are malware!
- Any malicious content within this repository is intended for research / educational purposes
- DO NOT run these files unless you know what you are doing
- Files are uploaded password protected but I cannot ensure mistakes will not happen! Be wise and protect yourself when fetching these specimen
- The materials here shared are provided on an 'as is' basis. I don not take any responsibility and I am not liable for any damage caused through use of these files, be it indirect, special incidental or consequential damages (including but not limited to damages for loss of business, loss of profits, interruption or the like).