Malware Capture Facility Project

The Stratosphere IPS Project has a sister project called the Malware Capture Facility Project that is responsible for making the long-term captures. This project is continually obtaining malware and normal data to feed the Stratosphere IPS.

Why do we capture Malware, Normal, and Mixed traffic?

Machine learning algorithms need to be verified to find out their precise performance in real data. Specially in network computer security it is really important to have good datasets, because the data in the networks is infinite, changing, varied and with a high concept drift. These issues force us to obtain good datasets to train, verify and test the algorithms.

To make a good verification we need three types of traffic: Malware, Normal and Background. The Malware traffic will include all the things we want to detect, specially C&C (Command and Control) connections. The Normal traffic is very important to find out the real performance of our algorithms by computing the False Positives and True Negatives. The Background traffic is necessary to saturate the algorithms, verify its memory/speed performance and to test if the algorithm gets confused with the data.

List of Malware Datasets

In each capture folder there are several files associated to each malware execution, including the original pcap and zip file password protected with the binary file used for the infection. The password of all the zip files with malware is: infected.

 

Long Term Malware Captures

CTU-Malware-Capture-Botnet-1 (MD5 46b3df3eaf1312f80788abd43343a9d2)

CTU-Malware-Capture-Botnet-2 (MD5 39bed9ab3ecc1271e8b9bdeda3f79495)

CTU-Malware-Capture-Botnet-3 (MD5 bb99fa3473960eb3a8ddc214af23b220)

CTU-Malware-Capture-Botnet-4 (MD5 655f37d49477846179dabde55cad0781)

CTU-Malware-Capture-Botnet-5 (MD5 c8c9b3d2247943049d895f2a111d8379)

CTU-Malware-Capture-Botnet-6 (MD5 d17b59049aa4cfc31c87515bb30f11f9)

CTU-Malware-Capture-Botnet-7 (MD5 71644436abd1ba852778a8b4d148aa0f)

CTU-Malware-Capture-Botnet-8 (MD5 76f6ec1ee2c62f2e768477e3d80e3b2c)

CTU-Malware-Capture-Botnet-9 (MD5 6d3034e2eac65f5f968c6e8f7a545795)

CTU-Malware-Capture-Botnet-10 (MD5 6838bdb29caf7319cdca22988ec6ff70)

CTU-Malware-Capture-Botnet-11 (MD5 feff8c9635e1d4e54481c3927f605721)

CTU-Malware-Capture-Botnet-12 (MD5 adb0250bcab420e93d94f95d97d51113)

CTU-Malware-Capture-Botnet-13 (MD5 2a092465ebb67aec48e7a6981d970af4)

CTU-Malware-Capture-Botnet-14 (MD5 6de48441a2862ff37015141450eaabf4)

CTU-Malware-Capture-Botnet-15 (MD5 e50f6308b1c0838dcf8e532c9754424c)

CTU-Malware-Capture-Botnet-16 (MD5 6323b0f509920c6482d3c5737bb68c60)

CTU-Malware-Capture-Botnet-17 (MD5 d4ad1c4d827f9ef4b108f35eef144a34)

CTU-Malware-Capture-Botnet-18 (MD5 76f6ec1ee2c62f2e768477e3d80e3b2c)

CTU-Malware-Capture-Botnet-19 (MD5 http://avinalarf.co.uk/?ptrxcz_Zkw6HSfs3DOZjv5GQblx7ISdoz9KUf)

CTU-Malware-Capture-Botnet-20 (MD5 8c5a1bf45d65d29eb30b480ad889a3bd)

CTU-Malware-Capture-Botnet-21 (MD5 393d3906968b6c40de3fa2a9857c3ad3)

CTU-Malware-Capture-Botnet-22 (MD5 195d06e60386cfe86f30a2b2ff551b9a)

CTU-Malware-Capture-Botnet-23 (MD5 2c8446c8b8722c3394716d1b99e33980)

CTU-Malware-Capture-Botnet-24 (MD5 2df134e2acc9ce4aa473cea5c6f980de)

CTU-Malware-Capture-Botnet-25-1 Zeus Malware. Almost 4 months of traffic. (MD5 e1090d7126dd88d0d1d39b68ea3aae11)

CTU-Malware-Capture-Botnet-25-2 Zeus Malware. Almost 6 days of traffic. (MD5 e1090d7126dd88d0d1d39b68ea3aae11)

CTU-Malware-Capture-Botnet-25-3 Zeus Malware. DGA. Almost 4 hours of traffic. (MD5 e1090d7126dd88d0d1d39b68ea3aae11)

CTU-Malware-Capture-Botnet-25-4 Zeus Malware. DGA. Almost 3 days of traffic. (MD5 e1090d7126dd88d0d1d39b68ea3aae11)

CTU-Malware-Capture-Botnet-25-5 Zeus Malware. DGA. Almost 34 days of traffic. (MD5 e1090d7126dd88d0d1d39b68ea3aae11)

CTU-Malware-Capture-Botnet-25-6 Zeus Malware. DGA. Almost 40 days of traffic. (MD5 e1090d7126dd88d0d1d39b68ea3aae11)

CTU-Malware-Capture-Botnet-26 (MD5 6410ed78d835ebf63153c3b10a10031e)

CTU-Malware-Capture-Botnet-27 (MD5 9f620b924910764bc5d3fa8fa0f1aab9)

CTU-Malware-Capture-Botnet-28 (MD5 f81f28450d611f4fd73021f2ea355510)

CTU-Malware-Capture-Botnet-31-1 (Malware. 8 days and 8GB pcap file) (MD5 c740789d5b226668f8a37626883fd0b7)

CTU-Malware-Capture-Botnet-31 Still to split. (MD5 c740789d5b226668f8a37626883fd0b7)

CTU-Malware-Capture-Botnet-35-1 Papras? Malware. DGA (hidden, look carefully in pcap) (MD5 9926b031c7e7dcd2a35786aa78534be8)

CTU-Malware-Capture-Botnet-42 (This dataset contains Background, Botnet and Normal labels) (MD5 bf08e6b02e00d2bc6dd493e93e69872f)

CTU-Malware-Capture-Botnet-43 (This dataset contains Background, Botnet and Normal labels) (MD5 bf08e6b02e00d2bc6dd493e93e69872f)

CTU-Malware-Capture-Botnet-44 (This dataset contains Background, Botnet and Normal labels) (MD5 2467b3c8b259cecd6ce2d5c31009df10)

CTU-Malware-Capture-Botnet-45 (This dataset contains Background, Botnet and Normal labels) (MD5 2467b3c8b259cecd6ce2d5c31009df10)

CTU-Malware-Capture-Botnet-46 (This dataset contains Background, Botnet and Normal labels) (MD5 85f9a5247afbe51e64794193f1dd72eb)

CTU-Malware-Capture-Botnet-47 (This dataset contains Background, Botnet and Normal labels) (MD5 66b8864b660eae1bfb9750b1b3e9b449)

CTU-Malware-Capture-Botnet-48 (This dataset contains Background, Botnet and Normal labels) (MD5 8a71965cba1d3596745f63e3d8a5ac3f)

CTU-Malware-Capture-Botnet-49 (This dataset contains Background, Botnet and Normal labels) (MD5 268663702c32435db6fe4b24f962796b)

CTU-Malware-Capture-Botnet-50 (This dataset contains Background, Botnet and Normal labels) (MD5 bf08e6b02e00d2bc6dd493e93e69872f)

CTU-Malware-Capture-Botnet-51 (This dataset contains Background, Botnet and Normal labels) (MD5 2467b3c8b259cecd6ce2d5c31009df10)

CTU-Malware-Capture-Botnet-52 (This dataset contains Background, Botnet and Normal labels) (MD5 2467b3c8b259cecd6ce2d5c31009df10)

CTU-Malware-Capture-Botnet-53 (This dataset contains Background, Botnet and Normal labels) (MD5 eaf85db9898d3c9101fd5fcfa4ac80e4)

CTU-Malware-Capture-Botnet-54 (This dataset contains Background, Botnet and Normal labels) (MD5 85f9a5247afbe51e64794193f1dd72eb)

CTU-Malware-Capture-Botnet-59 (MD5 af65832c64980e57bf68eb15a4218f0b)

CTU-Malware-Capture-Botnet-60 (MD5 4e96daddbd1ac1bebc124b090263ae49)

CTU-Malware-Capture-Botnet-61 (MD5 9f1521e8095a491cc8515fd0fcca6205)

CTU-Malware-Capture-Botnet-64 (MD5 a63d2a94bb30d6926360933b13af5291)

CTU-Malware-Capture-Botnet-65 (MD5 99513848a981463c0212b3021155c457)

CTU-Malware-Capture-Botnet-66-1 Sality Botnet. P2P, and SPAM. (MD5 89828eec51d6fe22768c9364dcbb49b9)

CTU-Malware-Capture-Botnet-69  Malware. Caphaw? DGA. (MD5 24dcfdb1f46e4018500db101234f6cd7)

CTU-Malware-Capture-Botnet-71  Unknown Malware. DGA. (MD5 13fbc418d5a37bdc2c10da11a6ef46ae)

CTU-Malware-Capture-Botnet-73 (www.magnetikum.cz)

CTU-Malware-Capture-Botnet-78-1 (Zeus version 2.1.0.1 capture for ~16 days) (MD5 5b1e1e909a6efca6cabc0fad8a0458a6)

CTU-Malware-Capture-Botnet-78-2 (Zeus version 2.1.0.1 capture for ~6.5 days) (MD5 5b1e1e909a6efca6cabc0fad8a0458a6)

CTU-Malware-Capture-Botnet-83-1 Unknown Malware. DGA (MD5 7dc720d62553119efa2ca180237cc530)

CTU-Malware-Capture-Botnet-83-2 Unknown Malware. DGA (MD5 7dc720d62553119efa2ca180237cc530)

CTU-Malware-Capture-Botnet-89-1 (MD5 3a134fd586d2c3ecd4db7cb0e71aaa45)

CTU-Malware-Capture-Botnet-90 Conficker Botnet. 11 hours of a (MD5 d60e538e721c30a0ea946404330f324a)

CTU-Malware-Capture-Botnet-91 Conficker Botnet. 10 pc infected, 11 pc normal. 1 infected with something more (MD5 53077cd8545c1c2588acaed3d8818180)

CTU-Malware-Capture-Botnet-92 (Rbot Botnet controlled by us) (MD5 3f5b51ff0533f020a7ec7d9ecd5e45b9)

CTU-Malware-Capture-Botnet-104-1 Yakes Malware: (MD5 6f192c38d24c17ddd0d4de60b12ae2e2)

CTU-Malware-Capture-Botnet-107-1 Yakes Malware: (MD5 0cc9906c7bfcff6276910ac8fa48c280)

CTU-Malware-Capture-Botnet-108-1 Cridex/Yakes Malware: (MD5 25b8631afeea279ac00b2da70fffe18a)

CTU-Malware-Capture-Botnet-109-1 Cridex Malware: (MD5 5fce64eb222aa41e4fb967e9d8fb6a22)

CTU-Malware-Capture-Botnet-110-1 (MD5 e515267ba19417974a63b51e4f7dd9e9)

CTU-Malware-Capture-Botnet-110-2 (MD5 e515267ba19417974a63b51e4f7dd9e9)

CTU-Malware-Capture-Botnet-110-3 (MD5 e515267ba19417974a63b51e4f7dd9e9)

CTU-Malware-Capture-Botnet-110-4 (MD5 e515267ba19417974a63b51e4f7dd9e9)

CTU-Malware-Capture-Botnet-110-5 (MD5 e515267ba19417974a63b51e4f7dd9e9)

CTU-Malware-Capture-Botnet-110-6 (MD5 e515267ba19417974a63b51e4f7dd9e9)

CTU-Malware-Capture-Botnet-111-1 (MD5 e515267ba19417974a63b51e4f7dd9e9)

CTU-Malware-Capture-Botnet-111-2 (MD5 e515267ba19417974a63b51e4f7dd9e9)

CTU-Malware-Capture-Botnet-111-3 (MD5 e515267ba19417974a63b51e4f7dd9e9)

CTU-Malware-Capture-Botnet-111-4 (MD5 e515267ba19417974a63b51e4f7dd9e9)

CTU-Malware-Capture-Botnet-111-5 (MD5 e515267ba19417974a63b51e4f7dd9e9)

CTU-Malware-Capture-Botnet-112-1 (MD5 919a8a6d873bb2a7263d8309249726fd)

CTU-Malware-Capture-Botnet-112-2 (MD5 919a8a6d873bb2a7263d8309249726fd)

CTU-Malware-Capture-Botnet-112-3 (MD5 919a8a6d873bb2a7263d8309249726fd)

CTU-Malware-Capture-Botnet-112-4 (MD5 919a8a6d873bb2a7263d8309249726fd)

CTU-Malware-Capture-Botnet-113-1 Probably Dridex (MD5 148112df459ba40b9127f7d4f1c08df2)

CTU-Malware-Capture-Botnet-114-1 Probably Emotet (MD5 8baa9b809b591a11af423824f4d9726a)

CTU-Malware-Capture-Botnet-114-2 Probably Emotet (MD5 8baa9b809b591a11af423824f4d9726a)

CTU-Malware-Capture-Botnet-114-3 Probably Emotet (MD5 8baa9b809b591a11af423824f4d9726a)

CTU-Malware-Capture-Botnet-114-4 Probably Emotet (MD5 8baa9b809b591a11af423824f4d9726a)

CTU-Malware-Capture-Botnet-115-1 Volatile Cedar (MD5 5ca3ac2949022e5c77335f7e228db1d8)

CTU-Malware-Capture-Botnet-116-1 Probably Kazy (Zeus Related 2012) (MD5 8df6603d7cbc2fd5862b14377582d46a)

CTU-Malware-Capture-Botnet-116-2 Probably Kazy (Zeus Related 2012) (MD5 8df6603d7cbc2fd5862b14377582d46a)

CTU-Malware-Capture-Botnet-116-3 Probably Kazy (Zeus Related 2012) (MD5 8df6603d7cbc2fd5862b14377582d46a)

CTU-Malware-Capture-Botnet-116-4 Probably Kazy (Zeus Related 2012) (MD5 8df6603d7cbc2fd5862b14377582d46a)

CTU-Malware-Capture-Botnet-118-1 Probable Trojan Upatre (MD5 6093329dbda17782bb8dc31cf223a18)

CTU-Malware-Capture-Botnet-119-1 Probably Geodo (MD5 306573e52008779a0801a25fafb18101)

CTU-Malware-Capture-Botnet-119-2 Probably Geodo (MD5 306573e52008779a0801a25fafb18101)

CTU-Malware-Capture-Botnet-119-3 Probably Geodo (MD5 306573e52008779a0801a25fafb18101)

CTU-Malware-Capture-Botnet-120-1 njRat RAT. Custom C&C server (MD5 d1e1acd259b5548c2f09906dc3efa7df)

CTU-Malware-Capture-Botnet-120-2 njRat RAT. Custom C&C server (MD5 d1e1acd259b5548c2f09906dc3efa7df)

CTU-Malware-Capture-Botnet-121-1 Unknown Trojan. MD5b0e3ae153c81f5a7576402cd3ad77f10 (MD5 b0e3ae153c81f5a7576402cd3ad77f10)

CTU-Malware-Capture-Botnet-122-1 Probably Geodo (MD5 7cd95f1500289d4ba938169610060de0)

CTU-Malware-Capture-Botnet-122-2 Probably Geodo (MD5 7cd95f1500289d4ba938169610060de0)

CTU-Malware-Capture-Botnet-123-1 Access to http://sansarall.ru/ (MD5 http://sansarall.ru/)

CTU-Malware-Capture-Botnet-124-1 Module downloaded from Geodo/Emotet Botnet. (MD5 84b96b96f60284a21addb1b2873d6aaa)

CTU-Malware-Capture-Botnet-125-1 Geodo Botnet. (MD5 35cf982449765a4f163bcf822e663f03)

CTU-Malware-Capture-Botnet-125-2 Geodo Botnet. (MD5 35cf982449765a4f163bcf822e663f03)

CTU-Malware-Capture-Botnet-126-1 Geodo Botnet. (MD5 f53122c2c721a2f05a6c166ceb39c7f4)

CTU-Malware-Capture-Botnet-127-1 Miuref Botnet. (MD5 a41d395286deb113e17bd3f4b69ec182)

CTU-Malware-Capture-Botnet-127-2 Miuref Botnet. (MD5 a41d395286deb113e17bd3f4b69ec182)

CTU-Malware-Capture-Botnet-128-1 Miuref Botnet. (MD5 3b1756229e4bb6ad5f8859ff32d0077e)

CTU-Malware-Capture-Botnet-128-2 Miuref Botnet. (MD5 3b1756229e4bb6ad5f8859ff32d0077e)

CTU-Malware-Capture-Botnet-129-1 Probably Upatre Botnet. (MD5 dce559be94540048148cd6a7dd742dee)

CTU-Malware-Capture-Botnet-130-1 Probably MSIL/Spy.Agent. (MD5 76cb79d267cee4b26780997f14042d1a)

CTU-Malware-Capture-Botnet-131-1 Bubble Dock Adware. (MD5 2d17f8f6fab6da5619c7528e9b0ee135)

CTU-Malware-Capture-Botnet-132-1 Link http://singin.loginto.me/050915/dsfihkfisgbdfsdfbsdkfs.php? Then file with (MD5f589827c4cf94662544066b80bfda6ab). Name Unknown

CTU-Malware-Capture-Botnet-133-1 Unknown (MD5 f589827c4cf94662544066b80bfda6ab). Same binary as CTU-132-1

CTU-Malware-Capture-Botnet-134-1 CryptoWall 3.0 (MD5 6daff56b1c5429b7460dcf836803bea3)

CTU-Malware-Capture-Botnet-135-1 Stlrat DDoS (MD5 c7838b75ba10b0341554d25fbcc3bbc0)

CTU-Malware-Capture-Botnet-137-1 BAB0 test APT malware (MD5 67883bdcf39bb375b37224f70e7f1c05)

CTU-Malware-Capture-Botnet-138-1 Flu RAT Malware (MD5 0858d8f8b06af40c9738003044a8cf0e)

CTU-Malware-Capture-Botnet-140-1 Bunitu botnet (Stripped) (MD5 5aeb4b21066217ea08f77ba9390f31b5)

CTU-Malware-Capture-Botnet-140-2 Bunitu botnet. (Stripped) (MD5 5aeb4b21066217ea08f77ba9390f31b5)

CTU-Malware-Capture-Botnet-141-1 Bunitu botnet (original) (MD5 542f7b96990de6cd3b04b599c25ebe57)

CTU-Malware-Capture-Botnet-141-2 Bunitu botnet (original) (MD5 542f7b96990de6cd3b04b599c25ebe57)

CTU-Malware-Capture-Botnet-142-1 Shifu Banking Trojan. DGA (MD5 b9bc3f1b2aace824482c10ffa422f78b)

CTU-Malware-Capture-Botnet-143-1 Upatre (MD5 d7ae20e8a6fc3c8bfb558a119d88c6e7)

CTU-Malware-Capture-Botnet-144-1 Normal Utorrent program (MD5 14ee6c0e28d6e407db35f7b12e3fac03)

CTU-Malware-Capture-Botnet-145-1 Fake Utorrent program also detected as Adware.OpenCandy.173 (MD5 81da67d8b1d299230ddf9c8e0cecbb1e)

CTU-Malware-Capture-Botnet-147-1 Avzhan - DDoS (MD5 98efaa9cd6bbd2a54ce6d5b91397469a)

CTU-Malware-Capture-Botnet-148-1 Variant.Zusy (MD5 2b699579010f0f489903594e86b7e116)

CTU-Malware-Capture-Botnet-149-1 Kelihos Botnet (MD5 990e5daa285f5c9c6398811edc68a659)

CTU-Malware-Capture-Botnet-149-2 Kelihos (MD5 990e5daa285f5c9c6398811edc68a659)

CTU-Malware-Capture-Botnet-150-1 Tinba Banking Trojan (MD5 e9718e38e35ca31c6bc0281cb4ecfae8)

CTU-Malware-Capture-Botnet-151-1 Gh0st RAT Real (MD538c7274b4d97ee02151294c36fc85423). Exe download.

CTU-Malware-Capture-Botnet-152-1 Probably HW32.Packed (MD5 e23f78cd1367646b783ba5c6fc4a6459)

CTU-Malware-Capture-Botnet-153-1 Dridex (MD5 aaf2070192032e4e4cde5e16d0d7fcce)

CTU-Malware-Capture-Botnet-155-1 CRDF/Malware/Trojan Generic (MD5 f4fa08dd11cfa16bb42f2e2fc92d9b99)

CTU-Malware-Capture-Botnet-156-1 Trojan.Regin.B.sm (MD5 5aef49f8e68a57d8e526042b8d913c14)

CTU-Malware-Capture-Botnet-157-1 Linux Botnet Uknown (MD5 0544317e48d4a773a3e4a6faa028ff1b)

CTU-Malware-Capture-Botnet-158-1 Probable Tinba Trojan?. DGA (MD5 14010ce6f03e0a978693424d60e34ba9)

CTU-Malware-Capture-Botnet-159-1 Probable Tinba Trojan? DGA. (MD5 14010ce6f03e0a978693424d60e34ba9)

CTU-Malware-Capture-Botnet-160-1 Probable Tinba Trojan?. DGA (MD5 14010ce6f03e0a978693424d60e34ba9)

CTU-Malware-Capture-Botnet-161-1 Probable Trojan Backdoor Artemis? MSIL? (MD5 9a6e37a8a1a18798226060f860cd7902)

CTU-Malware-Capture-Botnet-162-1 Upatre (MD5 b8fc436bab8c22cdfa2d4d137358ca93)

CTU-Malware-Capture-Botnet-162-2 Upatre (MD5 b8fc436bab8c22cdfa2d4d137358ca93)

CTU-Malware-Capture-Botnet-163-1 Probably Kazy (MD5 9a2f8cbc8b1e583391a7c056efc76f1b)

CTU-Malware-Capture-Botnet-164-1 Probably Vawtrak (MD5 c5d81a096cbc34edd0046e33cffbe070)

CTU-Malware-Capture-Botnet-165-1 Probably Zeus (MD5 7e3b8c6062f7f11fef7cd66d068539c7)

CTU-Malware-Capture-Botnet-166-1 Probably Tinba. DGA. (MD5 14010ce6f03e0a978693424d60e34ba9)

CTU-Malware-Capture-Botnet-167-1 New Storm variant (MD5 b73aa307e8c2328f6a7dfde1a1f024fc)

CTU-Malware-Capture-Botnet-168-1 Andromeda Botnet, 3.8 days (MD5 be8797e324da219fedf06732347c4993)

CTU-Malware-Capture-Botnet-168-2 Andromeda Botnet, 9 days (MD5 be8797e324da219fedf06732347c4993)

CTU-Malware-Capture-Botnet-169-1 Miuref (MD5 8dc809e0f25220e1d6b578eee2e80c33)

CTU-Malware-Capture-Botnet-169-2 Miuref (MD5 8dc809e0f25220e1d6b578eee2e80c33)

CTU-Malware-Capture-Botnet-169-3 Miuref, 8.13 days (MD5 8dc809e0f25220e1d6b578eee2e80c33)

CTU-Malware-Capture-Botnet-170-1 Necurs (MD5 1db5333a57f56c4b80bc213ed7675793)

CTU-Malware-Capture-Botnet-173-1 Miuref (MD5 b6a34c79f5dbbcb3fda3bb18031bcecb)

CTU-Malware-Capture-Botnet-174-1 Barys (MD5 48f9fbc5bbfc96fb3431ef39fd8c0d8f)

CTU-Malware-Capture-Botnet-175-1 Infected with https://goo.gl/NrGdrX

CTU-Malware-Capture-Botnet-176-1 Ncurse (MD5 943a641f4336f919a14bb10cad6daa5e)

CTU-Malware-Capture-Botnet-177-1 Adware.Win32.Amonetize.heur? (MD5 f8d745fc2097ab73af9bd80dfd906e42)

CTU-Malware-Capture-Botnet-178-1 ?? (MD5 234e1bb765bd2b4e5f5e563b174d6ccb) Same as 177-1?

CTU-Malware-Capture-Botnet-179-1 Barys (MD5 d2cd5e2dd5a2f839712b054d779edba2)

CTU-Malware-Capture-Botnet-180-1 Unknown? (MD5 096aa35233bcecbe60a3d4442060cfd9)

CTU-Malware-Capture-Botnet-181-1 Unknown? (MD5 c3567e73c64b77461ef567347b5b8580)

CTU-Malware-Capture-Botnet-182-1 Razy (MD5 d90a06855c6e4a03f6e5939a6b2a2e40)

CTU-Malware-Capture-Botnet-183-1 Locky Ransomware (MD5 4adfc91f1cc5545b6903a300d11dd3b0)

CTU-Malware-Capture-Botnet-184-1 Cerber Ransomware (MD5 34db7f97e0856941ed9c35716700d2a6)

CTU-Malware-Capture-Botnet-185-1 Trojan.Rasftuby (MD5 48616dd47e12e369feef53a57830158a)

CTU-Malware-Capture-Botnet-187-1 Trojan LuminosityLink (MD5 daf0b1d58c8b8fd7d08bc237c5cdb31d)

CTU-Malware-Capture-Botnet-188-1 Trojan.Rasftuby (MD5 48616dd47e12e369feef53a57830158a)

CTU-Malware-Capture-Botnet-189-1 Dynamer (MD5 9597fc80f793bbeceed69be9b1344fdb)

CTU-Malware-Capture-Botnet-190-1 Cerber Ransomware (MD5 54d07ec77e3daaf32b2ba400f34dd370)

CTU-Malware-Capture-Botnet-191-1 TrojanDownloader:Win32/Upatre.R (MD5 d7f3de700b99d3d03c5cd2309b635738)

CTU-Malware-Capture-Botnet-192-1 RemoteAdmin.Ammyy (MD5 11bc606269a161555431bacf37f7c1e4)

CTU-Malware-Capture-Botnet-192-2 RemoteAdmin.Ammyy (MD5 11bc606269a161555431bacf37f7c1e4)

CTU-Malware-Capture-Botnet-192-3 RemoteAdmin.Ammyy (MD5 11bc606269a161555431bacf37f7c1e4)

CTU-Malware-Capture-Botnet-193-1 Win32/Bundled.Toolbar.Google.D (MD5 db9530dff0a71d48e4877d47990af006)

CTU-Malware-Capture-Botnet-193-2 Win32/Bundled.Toolbar.Google.D (MD5 db9530dff0a71d48e4877d47990af006)

CTU-Malware-Capture-Botnet-194-1 Win32.Application.OpenCandy (MD5 5a6bd2a6fa1323ac96e860dfa6cbc9b6)

CTU-Malware-Capture-Botnet-195-1 OpenCandy (MD5 58e286356ed95579127915341d05544a)

CTU-Malware-Capture-Botnet-196-1 ReImage (MD5 5ab1619363cd6d32defd85f7a5973ab3)

CTU-Malware-Capture-Botnet-197-1 FusionCore (MD5 6ba07b3fe6b15fc1c3e6550350814ee9)

CTU-Malware-Capture-Botnet-198-1 Worm.Allaple (MD5 79a997e0768657ebb066d48e5630570e)

CTU-Malware-Capture-Botnet-199-1 MediaGet (MD5 1a9d37af72eb45483a4d56a7211790a5)

CTU-Malware-Capture-Botnet-200-1 Dr.Autoit (MD5 2327cbcae418740100f295d95f2660ce)

CTU-Malware-Capture-Botnet-201-1 BundleApp (MD5 e6d17971f0a6265a9efd7c57e6709bd0)

CTU-Malware-Capture-Botnet-202-1 PUP.Adware (MD5 37db7e527c159ca181f9e94d8939bafb)

CTU-Malware-Capture-Botnet-203-1 Trojan.Yakes (MD5 8d1bcbf39876e255e93f5deba8ae661c)

CTU-Malware-Capture-Botnet-204-1 Toolbar.Google (MD5 93b05307afa14e1231be0d0535497a2a)

CTU-Malware-Capture-Botnet-205-1 http://downloadming.tv/mirzya-2016-mp3-songs

CTU-Malware-Capture-Botnet-205-2 http://downloadming.tv/mirzya-2016-mp3-songs

CTU-Malware-Capture-Botnet-206-1 Wisdomeyes Trojan (MD5 4108b38c3b8a11d6e9b5854cd1ed0467)

CTU-Malware-Capture-Botnet-207-1 Trojan MSIL/Injector (MD5 208e67b268a18f7f798a4e1013fc851a)

CTU-Malware-Capture-Botnet-208-1 OpenCandy (MD5 5fe59fc57869508e1c84812dbd36ce3b)

CTU-Malware-Capture-Botnet-209-1 PUA AdToolbar (MD5 e016c24380e135866d83dab1de24ef4d)

CTU-Malware-Capture-Botnet-210-1 Trojan.WisdomEyes (MD5 1aa8d5ca763ef73bb48afd5aab4566bb)

CTU-Malware-Capture-Botnet-211-1 NetTool/Netcut (MD5 59da0505b981f62df58c541e51c0be54)

CTU-Malware-Capture-Botnet-211-2 NetTool/Netcut (MD5 59da0505b981f62df58c541e51c0be54)

CTU-Malware-Capture-Botnet-213-1 PUA.OpenCandy (MD5 699eee9c5d4f3c79df7080f63fd9d579)

CTU-Malware-Capture-Botnet-214-1 Malware Locky (MD5 e7aad826559c8448cd8ba9f53f401182)

CTU-Malware-Capture-Botnet-215-1 Wisdomeyes (MD5 e27a354b0f666693bf274def607bc0dc)

CTU-Malware-Capture-Botnet-215-2 Wisdomeyes (MD5 e27a354b0f666693bf274def607bc0dc)

CTU-Malware-Capture-Botnet-216-1 TrojanAgent (MD5 8e7a7165648229c6695b718734214bef)

CTU-Malware-Capture-Botnet-217-1 Trojan.Dynamer (MD5 3261d45051542ab3e54fa541f132f899)

CTU-Malware-Capture-Botnet-218-1 Dridex.A (MD5 6233778c733daa00ce5b9b25aae0a3cb)

CTU-Malware-Capture-Botnet-219-1 WisdomEyes (MD5 39015e14ecafa7b9e1a82aeac2b4ed6d)

CTU-Malware-Capture-Botnet-220-1 Unknown yet ?? (MD5 a0840a39ec90e1f603e2f4be42a87026)

CTU-Malware-Capture-Botnet-221-1 Locky?. DGA. (MD5 4d9838607597427f2dd6b1d2092f1e76)

CTU-Malware-Capture-Botnet-222-1 PUP.Plumbytes (MD5 b83652050009e6134720d77594c57e0c)

CTU-Malware-Capture-Botnet-223-1 Pony (MD5 d1b4ca6509e798fff1837af915beaad1)

CTU-Malware-Capture-Botnet-224-1 Zbot? Gootkit? (MD5 18766840553512d3d80249e5c8ddcf16)

CTU-Malware-Capture-Botnet-225-1 Tinba (MD5 a349b49b53b2b5a53de35ba25d8c4ea8)

CTU-Malware-Capture-Botnet-226-1 Worm.Netsky (MD5 3018e99857f31a59e0777396ae634a8f)

CTU-Malware-Capture-Botnet-227-1 Dridex (MD5 a47e6627f3e90c160fecad88b8135acb)

CTU-Malware-Capture-Botnet-228-1 Dridex (MD5 81e94ac247fecb32add3a666d11beb9e)

CTU-Malware-Capture-Botnet-229-1 Trojan.Dynamer (MD5 30745a82b9419cf79a5d0b1bab47da66)

CTU-Malware-Capture-Botnet-230-1 Trojan.MSIL (MD5 0ec2a5409fbce8ca1010d9555dedc65e)

CTU-Malware-Capture-Botnet-231-1 W32/CoreBot (MD5 71aaf68437dbe995dd1d8dd7f1021e6a)

CTU-Malware-Capture-Botnet-232-1 Win32/Taobao.PUA(MD5 0f9de35d1871a1dc5beeef9f5f312e45)

CTU-Malware-Capture-Botnet-233-1 Trojan.Tinba (MD5 4d57a2501c05afe029206a6c753f3919)

CTU-Malware-Capture-Botnet-234-1 Dyreza (MD5 79c76007671fb99dd6a5aad02f563938)

CTU-Malware-Capture-Botnet-235-1 TrojanSpy:Win32/Banker (MD5 f0f09c0c29c0c16e7d7ce831c0472f5a)

CTU-Malware-Capture-Botnet-236-1 Locky Ransomware? (MD5 a6352ff1b62a33d6fafb6b15c9353812)

CTU-Malware-Capture-Botnet-237-1 PUA.Taobao (MD5 d0945f9a3409aee04b893ef1645c6075)

CTU-Malware-Capture-Botnet-238-1 TrickBot (MD5 b6d9e83f6e157c259da155e562bfe04b)

CTU-Malware-Capture-Botnet-239-1 TrickBot (MD5 b0aecb48821a18210a2838fbeed800f1)

CTU-Malware-Capture-Botnet-240-1 TrickBot (MD5 c957c5be0a2985adf600988f477cb491)

CTU-Malware-Capture-Botnet-241-1 TrickBot (MD5 7c919970a593c41ec104fa2fb7f0d12b)

CTU-Malware-Capture-Botnet-242-1 TrickBot (MD5 d2bff49cba429d2c53fc4a2852cd9977)

CTU-Malware-Capture-Botnet-243-1 TrickBot (MD5 c4ea8104af713582afb76f773a037f28)

CTU-Malware-Capture-Botnet-244-1 TrickBot (MD5 4c1e2650a7d104b695a853f64a455cfa)

CTU-Malware-Capture-Botnet-245-1 Trojan.Banker (MD5 06b3ebbe64157f122548d6c33673a413)

CTU-Malware-Capture-Botnet-246-1 Dridex (MD5 3635ac6099baedae893b3991f730652c)

CTU-Malware-Capture-Botnet-247-1 TrickBot (MD5 0afaa4f4137b846e456e52f72faf9aa0)

CTU-Malware-Capture-Botnet-248-1 Dridex (MD5 f1d06663a626a7ad7a882f1ddf3734fd)

CTU-Malware-Capture-Botnet-249-1 Dridex (MD5 af07a28f2cf91bbf57fd5023ee21b336)

CTU-Malware-Capture-Botnet-252-1 Wannacry (MD5 e16b903789e41697ecab21ba6e14fa2b)

CTU-Malware-Capture-Botnet-253-1 Wannacry. With real SMB infections (MD5 d5dcd28612f4d6ffca0cfeaefd606bcf)

CTU-Malware-Capture-Botnet-254-1 Wannacry. Didn’t check the domain, didn’t attack (MD5 84c82835a5d21bbcf75a61706d8ab549)

CTU-Malware-Capture-Botnet-255-1  Tagarep (MD5 48022b0327a73aa3401a6630a9a557e5)

CTU-Malware-Capture-Botnet-256-1  Wannacry (MD5 48022b0327a73aa3401a6630a9a557e5)

CTU-Malware-Capture-Botnet-257-1  Dridex (MD5 afcdd8c611cacb71286598e5574901d9)

CTU-Malware-Capture-Botnet-258-1  WannaCry (MD5 4287e15af6191f5cab1c92ff7be8dcc3)

CTU-Malware-Capture-Botnet-259-1  Dridex (MD5 1fb70ccfbceb646072cd84687ba38e8b)

CTU-Malware-Capture-Botnet-260-1  Dridex (MD5 0243c9bb903d6f89d7eeadae882cf591)

CTU-Malware-Capture-Botnet-261-1  Trickbot (MD5 bb9e0b23fc6cba27ba670547b7890273)

CTU-Malware-Capture-Botnet-261-2  Trickbot (MD5 bb9e0b23fc6cba27ba670547b7890273)

CTU-Malware-Capture-Botnet-262-1  Sennoma (MD5 e15b22db532faa2d7cdfe8b04a4588a1)

CTU-Malware-Capture-Botnet-263-1  Dridex (MD5 1a2c663e8f135f798fe8772dc5e28ad2)

CTU-Malware-Capture-Botnet-264-1  Emotet (MD5 28140bd636324bad2f0e8394f3e7f723)

CTU-Malware-Capture-Botnet-264-2  Emotet (MD5 28140bd636324bad2f0e8394f3e7f723)

CTU-Malware-Capture-Botnet-265-1  Trickbot (MD5 45160aa23d640f8d1bcb263c179f84f9)

CTU-Malware-Capture-Botnet-266-1  Trickbot (MD5 be4c49482221630647a8038ce977fc4f)

CTU-Malware-Capture-Botnet-267-1  Trickbot (MD5 9d166a822439a47eb2dfad1aeb823638)

CTU-Malware-Capture-Botnet-268-1   (MD5 ac765e9809de73f444cd2cce04256dac)

CTU-Malware-Capture-Botnet-269-1  Emotet (MD5 3988863fb18686dc6657245afddb597d)

CTU-Malware-Capture-Botnet-270-1  wannaCry (MD5 8dd63adb68ef053e044a5a2f46e0d2cd)

CTU-Malware-Capture-Botnet-271-1  Emotet (MD5 a2350072233e3547a07a2b38509e8711)

CTU-Malware-Capture-Botnet-272-1  Emotet (MD5 8a5d3cada819fe7fd9db67d8c0af120e)

CTU-Malware-Capture-Botnet-273-1  Trickbot (MD5 49c19450ce74c4941940c70b8c51f22a)

CTU-Malware-Capture-Botnet-274-1  Razy (MD5 4b18f9ba943aaeba75a66a2865fed5f2)

CTU-Malware-Capture-Botnet-275-1  Artemis (MD5 e54487f78f267fa25ba08df71fb53a26)

CTU-Malware-Capture-Botnet-276-1  Emotet (MD5 fa0cea9b855b83dc6a9f8d931882efd2)

CTU-Malware-Capture-Botnet-276-2  Emotet (MD5 fa0cea9b855b83dc6a9f8d931882efd2)

CTU-Malware-Capture-Botnet-277-1  Trickster(MD5 440d284b8c4b85f806b113507dc55004)

CTU-Malware-Capture-Botnet-278-1  (MD5 1dd5709c6955b3627c0ef0171519dd38)

CTU-Malware-Capture-Botnet-279-1  Emotet (MD5 402d735e59d191b2bde2f5f094688de5)

CTU-Malware-Capture-Botnet-280-1 Pony or Trojan Valyria (MD5 d9f77f23fce07ee24ce54debed65b16a)

CTU-Malware-Capture-Botnet-281-1 Trojan Strictor with MITM proxy and access to https://www.us.hsbc.com (MD5 6e2c7ac99c050398518c06cfe913b59c)

CTU-Malware-Capture-Botnet-282-1 Trojan Strictor without MITM proxy and access to https://www.us.hsbc.com (MD5 6e2c7ac99c050398518c06cfe913b59c)

CTU-Malware-Capture-Botnet-283-1 Wannacry v1 with a Win10 in the same network. Infection failed. (MD5 e16b903789e41697ecab21ba6e14fa2b)

CTU-Malware-Capture-Botnet-284-1 Wannacry v1 with a Win7 in the same network. Infection successful (MD5 e16b903789e41697ecab21ba6e14fa2b)

CTU-Malware-Capture-Botnet-285-1 Normal computer infected remotely with Wannacry v1 by a pn in the same network. Infection successful (MD5 e16b903789e41697ecab21ba6e14fa2b)

CTU-Malware-Capture-Botnet-286-1 Wannacry Ransomware pc (withhout killswitch) that infects another computer in the network. The normal pc that was infected is published here. (MD5 d724d8cc6420f06e8a48752f0da11c66)

CTU-Malware-Capture-Botnet-287-1 Normal computer remotely infected with Wannacry (withhout killswitch). The original infected pc is published here. (MD5 d724d8cc6420f06e8a48752f0da11c66)

CTU-Malware-Capture-Botnet-288-1 NotPetya Ransomware infecting another pc in the local network. The other pc is CTU-289-1 (MD5 051084202473f534605c98da8bc20f04)

CTU-Malware-Capture-Botnet-289-1 Normal computer infected by NotPetya Ransomware from another pc in the local network. The orignally infected pc is CTU-288-1(MD5 051084202473f534605c98da8bc20f04)

CTU-Malware-Capture-Botnet-294-1 Normal computer being infected by Wannacry Ranswomware from another pc in the local network. (MD5 05a00c320754934782ec5dec1d5c0476)

CTU-Malware-Capture-Botnet-295-1 Wannacry Ranswomware infecting another pc in the local network. (MD5 05a00c320754934782ec5dec1d5c0476)

CTU-Malware-Capture-Botnet-296-1 Wannacry Ranswomware infecting another pc in the local network. The other pc is CTU-297-1 (MD5 05a00c320754934782ec5dec1d5c0476)

CTU-Malware-Capture-Botnet-297-1 Normal computer being infected by Wannacry Ranswomware from another pc in the local network. The original wannacry pc is CTU-296-1(MD5 05a00c320754934782ec5dec1d5c0476)

CTU-Malware-Capture-Botnet-298-1 NotPetya Ransomware infecting another pc in the local network. The other pc is CTU-299-1 (MD5 051084202473f534605c98da8bc20f04)

CTU-Malware-Capture-Botnet-299-1 Normal computer infected by NotPetya Ransomware from another pc in the local network. The orignally infected pc is CTU-298-1(MD5 051084202473f534605c98da8bc20f04)

CTU-Malware-Capture-Botnet-300-1
Sathurbot malware brute forcing WordPress sites. Captured for the research of Anna Shirokova presented in her Brucon talk. To run this malware we had to first install the original BitTorrent client (MD5 6548d6013af8f8ccccf41cf0cd78372b).

CTU-Malware-Capture-Botnet-301-1 
Sathurbot malware brute forcing WordPress sites. Captured for the research of Anna Shirokova presented in her Brucon talk. To run this malware we had to first install the original BitTorrent client (MD5 6548d6013af8f8ccccf41cf0cd78372b).

CTU-Malware-Capture-Botnet-302-1 
Trickster (MD5 e44379076c75d233ab7be1993fa99093)

CTU-Malware-Capture-Botnet-303-1
Sathurbot malware brute forcing WordPress sites. Captured for the research of Anna Shirokova presented in her Brucon talk. To run this malware we had to first install the original BitTorrent client (MD5 6548d6013af8f8ccccf41cf0cd78372b).

CTU-Malware-Capture-Botnet-305-1 Artemis (MD5 ebb20174ee893c0754654668f3e837ff)

CTU-Malware-Capture-Botnet-306-1 Artemis (MD5 b73ec148b74e72c910575210b64f0d0f)

CTU-Malware-Capture-Botnet-308-1 Snojan (MD5 a16b750c545af3a0ba386f628020abd9)

CTU-Malware-Capture-Botnet-310-1 Yakes (MD5 ddbff1af87458be1cb6c8d6ae3e66b47)

CTU-Malware-Capture-Botnet-311-1 Artemis (MD5 5a5ac3721a74aa3ff99e678db2fd203c)

CTU-Malware-Capture-Botnet-313-1 Ursnif (MD5 5c90d5c529749bc1d64268f1aa203c17)

CTU-Malware-Capture-Botnet-313-1 Ursnif (MD5 5c90d5c529749bc1d64268f1aa203c17)

CTU-Malware-Capture-Botnet-314-1 Upatre (MD5 aab21189c136a5d741bfb97a00ee30ed)

CTU-Malware-Capture-Botnet-315-1 Graftor (MD5 4dfa6cc92e0ebd2c8d36cd16c864adad)

CTU-Malware-Capture-Botnet-316-1 Artemis (MD5 e8d2e2a7060960ac9b03fdabb37d367f)

CTU-Malware-Capture-Botnet-317-1 Trojan.Script.Heuristic-js.iacgm?

CTU-Malware-Capture-Botnet-315-1 Graftor (MD5 4dfa6cc92e0ebd2c8d36cd16c864adad)

CTU-Malware-Capture-Botnet-316-1 Artemis (MD5 e8d2e2a7060960ac9b03fdabb37d367f)

CTU-Malware-Capture-Botnet-318-1 Magic Hound (MD5 9d0e761f3803889dc83c180901dc7b22)

CTU-Malware-Capture-Botnet-319-1 Graftor (MD5 d35cf3c2335666ac0be74f93c5f5172f)

CTU-Malware-Capture-Botnet-320-1 CCleaner Trojan version (MD5 75735db7291a19329190757437bdb847)

CTU-Malware-Capture-Botnet-320-2 CCleaner Trojan version (MD5 75735db7291a19329190757437bdb847)

CTU-Malware-Capture-Botnet-321-1 Access of suspicious html files in a hacked or infected site

CTU-Malware-Capture-Botnet-322-1 Dridex (MD5 d2e6d34475fcba320609b1eb58884525)

CTU-Malware-Capture-Botnet-323-1 Trickster (MD5 06e67970894da9ae379becfa19c0ef64)

CTU-Malware-Capture-Botnet-324-1 Trickbot (MD5 3d5eeaa64da02d7066e5f57c25368757)

CTU-Malware-Capture-Botnet-325-1 Trickbot (MD5 011517b0b3c6a79d740033df71120392)

CTU-Malware-Capture-Botnet-326-1 Dridex (MD5 88d93ae49ac5b3d0750052eb4acdaca3)

CTU-Malware-Capture-Botnet-327-1 Trickbot (MD5 2b48789d9272700de5405bf9a9c05204)

CTU-Malware-Capture-Botnet-328-1 AutoIt (MD5 2b48789d9272700de5405bf9a9c05204)

CTU-Malware-Capture-Botnet-329-1 Coinminer? (MD5 e52754c570bb2c47b34047d0062c6a8f)

CTU-Malware-Capture-Botnet-330-1 DownloadGuide (MD5 007cc81601483375bb2429f8d4ce3350)

CTU-Malware-Capture-Botnet-331-1 DownloadGuide (MD5 04cb105e0e58281bd94fb692191a255f)

CTU-Malware-Capture-Botnet-332-1 DownloadGuide (MD5 04cb105e0e58281bd94fb692191a255f)

CTU-Malware-Capture-Botnet-334-1 DownloadGuide (MD5 d127e8b9241fa303383ffa56b79ba394)

CTU-Malware-Capture-Botnet-335-1 PUA (MD5 08c3396b5dad3befa63f0eda9d4bf30f)

CTU-Malware-Capture-Botnet-336-1 Downware (MD5 9d033c9f9488d8300162aacc5e805c40)

CTU-Malware-Capture-Botnet-337-1 PUA (MD5 829b659b29ebee7a4d6c16d16ef1ef5f)

CTU-Malware-Capture-Botnet-338-1 CoinMiner (MD5 a2c45e02600b2413e7015ac9634f9bad)

CTU-Malware-Capture-Botnet-339-1 WebCompanion (MD5 31b6c42ac6e43b3774315e7b405ce23b)

CTU-Malware-Capture-Botnet-340-1 access to node.viaxmr.com

CTU-Malware-Capture-Botnet-341-1 Trojan Downloader (MD5 6ec4f663e633d010e57d1c5201fa61be)

CTU-Malware-Capture-Botnet-342-1 MinerTrojan (MD5 ad4c296849b12786e6b4edc8b271b3d9)

CTU-Malware-Capture-Botnet-343-1 Ramnit (MD5 36ceab965bdc5b13a638ad27436caf71)

CTU-Malware-Capture-Botnet-344-1 access to http://5.8.88.175

CTU-Malware-Capture-Botnet-345-1 Cobalt (MD5 95a1a53b1f3309b07722a2fd5b9ad1b5)

CTU-Malware-Capture-Botnet-346-1 Dridex (MD5 6164228ed2cc0eceba9ce1828d87d827)

CTU-Malware-Capture-Botnet-347-1 BitCoinMiner (MD5 acf6aade8ed9e7d1aea8c0c9f377a243)

CTU-Malware-Capture-Botnet-348-1 HTBot (MD5 64b2457c7474fa3fc4cadb0e5cded4ce)

CTU-Malware-Capture-Botnet-349-1 Adload (MD5 318c46ed68835672d766190a3ce531cc)

 

 

 


Manual attacks captures

CTU-Manual-Capture-Attack-1: Real traffic capture of a heartbleed attack.

CTU-Manual-Capture-Attack-2: Real traffic capture of a heartbleed attack. Different machines were used for the attacker, normal traffic and the victim.