Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details

All Projects → jstrosch → Malware Samples

jstrosch / Malware Samples

Malware samples, analysis exercises and other interesting resources.

Labels

malware training

Projects that are alternatives of or similar to Malware Samples

training-materials

No description or website provided.

Stars: ✭ 47 (-80.5%)

Mutual labels: training, malware

Kicomav

KicomAV is an open source (GPL v2) antivirus engine designed for detecting malware and disinfecting it.

Stars: ✭ 227 (-5.81%)

Mutual labels: malware

Process doppelganging

My implementation of enSilo's Process Doppelganging (PE injection technique)

Stars: ✭ 198 (-17.84%)

Mutual labels: malware

Serpentine

C++/Win32/Boost Windows RAT (Remote Administration Tool) with a multiplatform Java/Spring RESTful C2 server and Go, C++/Qt5 frontends

Stars: ✭ 216 (-10.37%)

Mutual labels: malware

Telegram Rat

Windows Remote Administration Tool via Telegram. Written in Python

Stars: ✭ 201 (-16.6%)

Mutual labels: malware

Threat Hunting

Personal compilation of APT malware from whitepaper releases, documents and own research

Stars: ✭ 219 (-9.13%)

Mutual labels: malware

Blackweb

Domains Blocklist for Squid-Cache

Stars: ✭ 189 (-21.58%)

Mutual labels: malware

Training

🐝 A fast, easy and collaborative open source image annotation tool for teams and individuals.

Stars: ✭ 2,615 (+985.06%)

Mutual labels: training

Deep Learning In Production

Develop production ready deep learning code, deploy it and scale it

Stars: ✭ 216 (-10.37%)

Mutual labels: training

Botnets

This is a collection of #botnet source codes, unorganized. For EDUCATIONAL PURPOSES ONLY

Stars: ✭ 2,523 (+946.89%)

Mutual labels: malware

Dynamic Training Bench

Simplify the training and tuning of Tensorflow models

Stars: ✭ 210 (-12.86%)

Mutual labels: training

Improved Body Parts

Simple Pose: Rethinking and Improving a Bottom-up Approach for Multi-Person Pose Estimation

Stars: ✭ 202 (-16.18%)

Mutual labels: training

Lime Crypter

Simple obfuscation tool

Stars: ✭ 217 (-9.96%)

Mutual labels: malware

Memtriage

Allows you to quickly query a Windows machine for RAM artifacts

Stars: ✭ 200 (-17.01%)

Mutual labels: malware

Elfparser

Cross Platform ELF analysis

Stars: ✭ 228 (-5.39%)

Mutual labels: malware

Qiling

Qiling Advanced Binary Emulation Framework

Stars: ✭ 2,816 (+1068.46%)

Mutual labels: malware

Open Myrtus

RCEed version of computer malware / rootkit MyRTUs / Stuxnet.

Stars: ✭ 208 (-13.69%)

Mutual labels: malware

Goat

🐐 GoAT (Golang Advanced Trojan) is a trojan that uses Twitter as a C&C server

Stars: ✭ 218 (-9.54%)

Mutual labels: malware

Symfony Pack

A series of questions to prepare for the Symfony certification

Stars: ✭ 241 (+0%)

Mutual labels: training

Filewatcher

A simple auditing utility for macOS

Stars: ✭ 233 (-3.32%)

Mutual labels: malware

View All Similar Projects ➔

Malware Samples

This repository is intended to provide access to a wide variety of malicious files and other artifacts. Please keep in mind that most of these samples will not be archived or password protected. For those that are, consult the additional README but the use of the standard password 'infected' will normally be utilized.

All of the samples are in a password protected ZIP archive using a password of: infected

Malware Analysis Exercises

In addition to providing artifacts from samples, I will regularly post malware anlaysis exercises. These exercises will cover a wide range of malware analysis topics and come with detailed solutions and walk-throughs.

2021

February: Maldocs - Getting Started with Excel 4 Macros (XLM Macros)

2020

December: Maldocs - Living Off The Land with Powershell

Summary of Samples

2021-02-13: Maldoc Templates for February 08 - 12, 4 groups: Dridex, Heodo/Emotet, Unknown
2021-02-06: Maldoc templates for Feb 01 - 05, 3 groups: SilentBuilder and Emotet
2021-01-30: Maldoc templates for Jan 25 - 29, 2 groups: Emotet, Unknown
2021-01-30: Maldoc templates for Jan 18 - 22, 4 groups: Emotet, Dridex
2021-01-23: Maldoc templates for Jan 11 - 15, 8 groups: Emotet, Dridex
2021-01-15: Excel drops Qakbot (qbot) DLL
2021-01-15: Word doc w/ embedded Hancitor loader, IP check and C2 activity
2021-01-09: Maldoc templates for Jan 04 - 08, 6 groups: Emotet, Trickbot, Dridex
2021-01-07: Excel doc drops Raccoon
2021-01-02: Maldoc templates for Dec 28 - Jan 01, 3 groups: Emotet, Dridex, Emotet
2020-12-26: Maldoc templates Dec 21 - Dec 25, 11 groups: Emotet, Dridex and 1 unknown
2020-12-19: Maldoc templates Dec 14 - Dec 18. 17 groups: Dridex, TA505 and Emotet
2020-12-15: Maldoc templates Dec 07 - Dec 11. 7 groups: 1 - 5 Dridex, 6 BitRat, 7 Emotet
2020-12-15: Excel Decodes DLL w/ Certutil for next stage retrieval - includes analysis on YouTube and IDA Plugin for String Deobfuscation
2020-12-05: Maldoc templates for the week of Nov 30 - Dec 04
2020-11-28: Maldoc templates for the week of Nov 23 - Nov 27
2020-11-27: Excel drops Qakbot (qbot) DLL
2020-11-24: FickerStealer w/ IP check
2020-11-24: Word document drops Smokeloader
2020-11-24: Word document drops Dridex DLL w/ Check-In
2020-11-21: Maldoc templates for the week of Nov 16 - Nov 20
2020-11-14: Maldoc templates for the week of Nov 09 - Nov 13
2020-11-10: Emotet maldoc - Embedded DLL and CertUtil for Base64 Decoding, includes analysis on YouTube
2020-11-07: Maldoc templates for the week of Nov 02 - Nov 06
2020-10-31: Maldoc templates for the week of Oct 26 - Oct 30
2020-10-29: Excel doc drops Qakbot
2020-10-24: Maldoc templates for the week of Oct 19 - Oct 23
2020-10-16: Emotet templates for the week of Oct 12 - Oct 16
2020-10-09: Emotet templates for the week of Oct 05 - Oct 09
2020-10-02: Emotet templates for the week of Sept 28 - Oct 02
2020-10-05: Word doc uses Lua for follow-on activity
2020-09-17: Word doc drops Betabot (Uses CVE-2017-11882)
2020-08-29: ArkeiStealer sample with data exfil
2020-08-21: Azorult drops AsyncRat, REMCOS possible others
2020-08-15: Cerber ransomware with check-in
2020-08-02: Raccoon stealer drops crypto-currency miner
2020-07-24: Amadey bot with payloads and check-in
2020-07-24: Raccoon stealer w/ CnC check-in
2020-07-19: Excel doc drops GuLoader
2020-07-13: Word doc drops Hancitor loader
2020-06-29: Trickbot version 1000512 and gtag ono51, drops new nwormDll64 module - includes 12hour PCAP
2020-06-29: Two Excel docs that drop Netwire, includes C2 check-ins
2020-06-20: ZLoader with chekc-in
2020-06-01: Excel doc drops Guloader
2020-06-01: IcedID with Image used for Steganography
2020-05-29: Maldoc uses template injection for macro execution
2020-05-13: Gamma Ransomware with HTTP check-in
2020-05-13: Cryptbot sample
2020-05-13: Danabot sample with beaconing
2020-05-04: Trickbot w/ GTAG tt002 and version 1000509, 12 hour PCAP w/ beacons
2020-04-26: Gomorrah stealer (.NET binary)
2020-04-16: Trickbot w/ GTAG MAN6 and version 1000507 - Uses revocation.txt config
2020-04-16: AgentTesla data exfil through SMTP
2020-04-14: Vidar sample with data exfil via ZIP file
2020-04-13: Azorult drops Blackout Ransomware
2020-04-04: Ave-Maria/Warzon RAT
2020-03-27: Word drops Ursnif through MSHTA.exe
2020-03-26: Word drops Banload banking trojan
2020-03-26: Excel drops AgentTesla
2020-03-26: Word drops IcedId
2020-03-25: NanoCore sample with dumped plugins (.NET assemblies)
2020-03-24: Blue Botnet
2020-03-19: Formbook
2020-03-14: Excel drops LokiBot
2020-02-29: Buer loader
2020-02-18: Remcos
2020-02-13: Turkojan

Samples from Trainings and Workshops

Sample files and other artifacts from public trainings, talks and workshops.

2021

2021-01-13: FloCon - Workshop: Intrusion Analysis and Threat Hunting with Open Source Tools - Demo files and Workshop on YouTube

2020

2020-11-19: Hack-in-the-Box Cyber Week Workshop: Analyzing Malicious Word and Excel Documents - Demo files and Workshop on YouTube

Maldocs

Will contain Office documents identified to be used to distribute malware based on organizing folder structure. For example, the emotet folder will contain maldocs identified to have dropped Emotet. These samples are organized by year/month that I obtained and executed them - this may deviate slightly from when they were first discovered in the wild (for example, first submission date on VirusTotal).

To the max extend possible I will also include associated PCAPs. PCAPs may contain the resuling Emotet binary that was dropped, as well as follow-on C2 communication. However, I can not guarantee that each PCAP will contain this full sequence of events.

Current maldocs include:

AgentTesla
Banload
Emotet
Hancitor
IcedId
Lokibot
Trickbot
Unknown

Maldoc Templates

The image analysis script used to generate maldoc image graphs can be found at: https://github.com/jstrosch/graph-maldoc-similar-images

Memory Dumps

Will contain full VM memory and individual process memory dumps from malware samples. Most will come from dumpming memory via Cuckoo Sandox. Due to the size of the memory dumps, links to an archived version of them are provided for download. Current memory dumps include:

Emotet
LokiBot

Binaries

This will contain binaries (i.e. PE/.NET, Java, etc) from known malware families. Currently, this archive contains samples from:

Agenttesla
Ave Maria / Warzone RAT
Azorult
Blue Botnet
Buer Loader
Dridex
Emotet
Gandcrab
Lokibot
Nanocore
Remcos
Socelars
Trickbot
Troldesh
Turkojan
Vidar

Warnings and Disclaimers

This repository is intended for educational and research purposes. The samples provided here are all real-world malware, please handle with all of the necessary caution.

Please note, all samples/artifacts will be in a password-protected archive using a password of: infected

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Stars: ✭ 241

Visit Git Page 🔗Visit User Page 🔗Visit Issues Page (0) 🔗