Update: Feb 19. 2015
We have been adding pcaps to the collection so remember to check out the folder ( Pcap collection) for the recent pcaps.
I had a project to test some malicious and exploit pcaps and collected a lot of them (almost 1000) from various public sources. You can see them in the PUBLIC folder. The credits go to the authors of the pcaps listed in the name of each file. Please visit their blogs and sites to see more information about the pcaps, see their recent posts, and send them thanks. The public pcaps have no passwords on them.
Update:Dec 13. 2014
Despite rare updates of this post, we have been adding pcaps to the collection so remember to check out the folder ( Pcap collection (New link)) for the recent pcaps!
Update:Dec 31. 2013 - added new pcaps
I did some spring cleaning yesterday and came up with these malware and exploit pcaps. Such pcaps are very useful for IDS and signature testing and development, general education, and malware identification. While there are some online public sandboxes offering pcaps for download like Cuckoo or Anubis but looking for them is a tedious task and you cannot be totally sure the pcap is for the malware family supposedly analysed - in other words, if the sandbox says it is Zeus does not necessarily mean that it is.
I found some good pcap repositories here (http://www.netresec.com/?page=PcapFiles) but there are very few pcaps from malware.
These are from identified and verified (to the best of my knowledge and belief - email me if you find errors) malware samples.
All of them show the first stage with the initial callback and most have the DNS requests as well. A few pcaps show extended malware runs (e.g. purplehaze pcap is over 500mb).
Most pcaps are mine, a few are from online sandboxes, and one is borrowed from malware.dontneedcoffee.com. That said, I can probably find the corresponding samples for all that have MD5 listed if you really need them. Search contagio, some are posted with the samples.
Each file has the following naming convention:
BIN [RTF, PDF] - the filetype of the dropper used, malware family name, MD5, and year+month of the malware analysis.
I will be adding more pcaps in the future. Please donate your pcaps from identified samples, I am sure many of you have.
Thank you
Download
Download all together or separately.
All pcaps archives have the same password (same scheme), email me if you need it. I tried posting it without any passwords and pass infected but they get flagged as malware. Modern AV rips though zips and zips with the pass 'infected' with ease.
APT PCAPS
- 2012-12-31 BIN_Xinmic_8761F29AF1AE2D6FACD0AE5F487484A5-pcap
- 2013-09-08 BIN_TrojanPage_86893886C7CBC7310F7675F4EFDE0A29-pcap
- 2013-09-08 BIN_Darkcomet_DC98ABBA995771480AECF4769A88756E-pcap
- 2013-09-02 8202_tbd_ 6D2C12085F0018DAEB9C1A53E53FD4D1-pcap
- 2013-09-02 BIN_8202_6d2c12085f0018daeb9c1a53e53fd4d1-pcap
- 2013-09-02 BIN_Vidgrab_6fd868e68037040c94215566852230ab-pcap
- 2013-09-02 BIN_PlugX_2ff2d518313475a612f095dd863c8aea-pcap
- 2013-09-02 BIN_Taidoor_46ef9b0f1419e26f2f37d9d3495c499f-pcap
- 2013-09-02 BIN_Vidgrab_660709324acb88ef11f71782af28a1f0-pcap
- 2013-09-02 BIN_Gh0st-gif_f4d4076dff760eb92e4ae559c2dc4525-pcap.zip
- 2013-07-15 BIN_Taleret.E_5328cfcb46ef18ecf7ba0d21a7adc02c.pcap
- 2013-05-14 BIN_Mediana_0AE47E3261EA0A2DBCE471B28DFFE007_2012-10.pcap
- 2013-05-14 BIN_Hupigon_8F90057AB244BD8B612CD09F566EAC0C
- 2013-05-14 BIN_LetsGo_yahoosb_b21ba443726385c11802a8ad731771c0_2011-07-19
- 2013-05-13 BIN_IXESHE_0F88D9B0D237B5FCDC0F985A548254F2-2013-05-pcap
- 2013-05-06 BIN_DNSWatch_protux_4F8A44EF66384CCFAB737C8D7ADB4BB8_2012-11-pcap
- 2013-05-06 BIN_9002_D4ED654BCDA42576FDDFE03361608CAA_2013-01-30-pcap
- 2013-05-06 BIN_BIN_RssFeeder_68EE5FDA371E4AC48DAD7FCB2C94BAC7-2012-06-pcap (not a common name, see the traffic ssheet http://bit.ly/maltraffic )
- 2013-04-30 BIN_MSWab_Yayih_FD1BE09E499E8E380424B3835FC973A8_us-pcap
- 2013-04-29 BIN_LURK_AF4E8D4BE4481D0420CCF1C00792F484_20120-10-pcap
- 2013-04-29 BIN_XTremeRAT_DAEBFDED736903D234214ED4821EAF99_2013-04-13-pcap
- BIN_Enfal_Lurid_0fb1b0833f723682346041d72ed112f9_2013-01.pcap
- BIN_Gh0st_variant-v2010_B1D09374006E20FA795B2E70BF566C6D_2012-08.pcap
- BIN_Likseput_E019E37F19040059AB5662563F06B609_2012-10.pcap
- BIN_Nettravler_1f26e5f9b44c28b37b6cd13283838366.pcap
- BIN_Nettravler_DA5832657877514306EDD211DEF61AFE_2012-10.pcap
- BIN_Sanny-Daws_338D0B855421867732E05399A2D56670_2012-10.pcap
- BIN_Sofacy_a2a188cbf74c1be52681f998f8e9b6b5_2012-10.pcap
- BIN_Taidoor_40D79D1120638688AC7D9497CC819462_2012-10.pcap
- BIN_TrojanCookies_840BD11343D140916F45223BA05ABACB_2012_01.pcap
- PDF_CVE-2011-2462_Pdf_2011-12.pcap
- RTF_Mongall_Dropper_Cve-2012-0158_C6F01A6AD70DA7A554D48BDBF7C7E065_2013-01.pcap
- OSX_DocksterTrojan.pcap
CRIMEWARE PCAPS
- 2013-11-12_BIN_ChePro_2A5E5D3C536DA346849750A4B8C8613A-1.pcap
- 2013-10-15_BIN_cryptolocker_9CBB128E8211A7CD00729C159815CB1C.pcap
- 2013-09-20_BIN_Lader-dlGameoverZeus_12cfe1caa12991102d79a366d3aa79e9.pcap
- 2013-09-08 BIN_Tijcont_845B0945D5FE0E0AAA16234DC21484E0-pcap
- 2013-09-08 BIN_Kelihos_C94DC5C9BB7B99658C275B7337C64B33-pcap.zip
- 2013-08-19 BIN_Nitedrem_508af8c499102ad2ebc1a83fdbcefecb-pcap
- 2013-08-17 BIN_sality_CEAF4D9E1F408299144E75D7F29C1810-pcap
- 2013-08-15 BIN_torpigminiloader-pcap.zip
- 2013-13-08 EK_popads_109.236.80.170_2013-08-13.pcap
- 2013-11-08 BIN_Alinav5.3_4C754150639AA3A86CA4D6B6342820BE.pcap
- 2013-08-08 BIN_BitcoinMiner_F865C199024105A2FFDF5FA98F391D74-pcap
- 2013-08-07 BIN_ZeroAccess_Sirefef_C2A9CCC8C6A6DF1CA1725F955F991940_2013-08-pcap
- 2013-07-05 BIN_Kuluoz-Asprox_9F842AD20C50AD1AAB41F20B321BF84B
- 2013-05-31 Wordpress-Mutopy_Symmi_20A6EBF61243B760DD65F897236B6AD3-2pcap.pcap
- 2013-05-15 BIN_Zeus_b1551c676a54e9127cd0e7ea283b92cc-2012-04.pcap
- 2013-05-15 BIN_Gypthoy_3EE49121300384FF3C82EB9A1F06F288-2013-05.pcap
- 2013-05-12 BIN_PassAlert_B4A1368515C6C39ACEF63A4BC368EDB2-2013-05-13
- 2013-05-12 BIN_HorstProxy_EFE5529D697174914938F4ABF115F762-2013-05-13-pcap
- 2013-05-12 BIN_Bitcoinminer_12E717293715939C5196E604591A97DF-2013-05-12-pcap
- 2013-05-07 BIN_ZeroAccess_Sirefef_29A35124ABEAD63CD8DB2BBB469CBC7A_2013-05-pcapc
- 2013-05-05 BIN_PowerLoader_4497A231DA9BD0EEA327DDEC4B31DA12_2013-05-pcap
- 2013-05-05 BIN_GameThief_ECBA0FEB36F9EF975EE96D1694C8164C_2013-03-pcap
- 2013-05-05 BIN_PowerLoader_4497A231DA9BD0EEA327DDEC4B31DA12_2013-05-pcap
- 2013-04-27 EK_BIN_Blackhole_leadingto_Medfos_0512E73000BCCCE5AFD2E9329972208A_2013-04-pcap
- 2013-04-26 -- BIN_Citadel_3D6046E1218FB525805E5D8FDC605361-2013-04-samp
- BIN_CitadelPacked_2012-05.pcap
- BIN_CitadelUnpacked_2012-05.pcap
- BIN_Cutwail_284Fb18Fab33C93Bc69Ce392D08Fd250_2012-10.pcap
- BIN_Darkmegi_2012-04.pcap
- BIN_DarknessDDoS_v8g_F03Bc8Dcc090607F38Ffb3A36Ccacf48_2011-01.pcap-
- BIN_dirtjumper_2011-10.pcap
- BIN_DNSChanger_2011-12.pcap
- BIN_Drowor_worm_0f015bb8e2f93fd7076f8d178df2450d_2013-04.pcap
- BIN_Googledocs_macadocs_2012-12.pcap
- BIN_Imaut_823e9bab188ad8cb30c14adc7e67066d.pcap
- BIN_IRCbot_c6716a417f82ccedf0f860b735ac0187_2013-04.pcap
- BIN_Kelihos_aka_Nap_0feaaa4adc31728e54b006ab9a7e6afa.pcap
- BIN_LoadMoney_MailRu_dl_4e801b46068b31b82dac65885a58ed9e_2013-04 .pcap
- BIN_purplehaze-2012-01.pcap
- BIN_ponyloader_470a6f47de43eff307a02f53db134289.pcap
- BIN_Ramnitpcap_2012-01.pcap
- BIN_Reedum_0ca4f93a848cf01348336a8c6ff22daf_2013-03.pcap
- BIN_SpyEye_2010-02.pcap
- BIN_Stabuniq_F31B797831B36A4877AA0FD173A7A4A2_2012-12.pcap
- BIN_Tbot_23AAB9C1C462F3FDFDDD98181E963230_2012-12.pcap
- BIN_Tbot_2E1814CCCF0C3BB2CC32E0A0671C0891_2012-12.pcap
- BIN_Tbot_5375FB5E867680FFB8E72D29DB9ABBD5_2012-12.pcap
- BIN_Tbot_A0552D1BC1A4897141CFA56F75C04857_2012-12.pcap
- BIN_Tbot_FC7C3E087789824F34A9309DA2388CE5_2012-12.pcap
- BIN_Tinba_2012-06.pcap
- BIN_Vobfus_634AA845F5B0B519B6D8A8670B994906_2012-12.pcap
- BIN_Xpaj_2012-05.pcap
- BIN_ZeroAccess_3169969E91F5FE5446909BBAB6E14D5D_2012-10.pcap
- BIN_ZeusGameover_2012-02.pcap
- BIN_Zeus_2010-12.pcap
- EK_Blackholev1_2012-03.pcap
- EK_Blackholev1_2012-08.pcap
- EK_Blackholev2_2012-09.pcap
- EK_Blackhole_Java_CVE-2012-4681_2012-08.pcap
- EK_Phoenix_2012-04.pcap
- EK_Smokekt150(Malwaredontneedcoffee)_2012-09.pcap - credit malware.dontneedcoffee.com
- Tools For Hacker
- Hacker Tools Free
- Hacking Tools Kit
- Hackrf Tools
- Blackhat Hacker Tools
- Hacker Tools 2020
- Best Pentesting Tools 2018
- Pentest Tools Tcp Port Scanner
- Pentest Tools Free
- Free Pentest Tools For Windows
- Github Hacking Tools
- Hacking Apps
- Hacker Tools For Ios
- Pentest Automation Tools
- Pentest Tools Url Fuzzer
- Hack Tools Download
- Hacking Tools 2019
- Hacking Tools For Games
- Hack Tool Apk
- Hack Rom Tools
- Top Pentest Tools
- Nsa Hack Tools
- Hacking Tools Online
- Hack Tools 2019
- Hacking Tools Hardware
- Hack Tools Pc
- Pentest Tools Framework
- Hacker Tool Kit
- Hacker Tools List
- Hacker Search Tools
- How To Install Pentest Tools In Ubuntu
- Hack Rom Tools
- Pentest Tools Android
- Pentest Tools List
- Tools For Hacker
- Hack Tool Apk No Root
- Hack Tools For Ubuntu
- Pentest Tools For Android
- Pentest Tools Url Fuzzer
- Hacker Tools For Mac
- Hacker Tools For Windows
- Hack Tools For Ubuntu
- Hacker Tools Apk
- Hack And Tools
- Hack Tools
- Hack Tools For Windows
- Hacker Tools Hardware
- Pentest Tools Nmap
- Hacking Tools Free Download
- Hacker Search Tools
- Hack Rom Tools
- Hacking Tools 2019
- Pentest Tools Url Fuzzer
- Hacker Tools Free Download
- Hacking Tools For Beginners
- Usb Pentest Tools
- Hacking Tools Kit
- Hacker Tools For Ios
- Pentest Tools
- Hack And Tools
- Hackers Toolbox
- Underground Hacker Sites
- How To Make Hacking Tools
- Hacker Tools List
- Hacker Tools Mac
- Hacker Tools For Mac
- Pentest Tools Subdomain
- Nsa Hack Tools
- Pentest Box Tools Download
- Hacker Tools For Pc
- Hacker Tools
- Termux Hacking Tools 2019
- Hacking Tools Windows
- Growth Hacker Tools
- Hacking Tools Software
- World No 1 Hacker Software
- Hacking Tools For Mac
- Pentest Tools Windows
- Pentest Recon Tools
- Hacker Tools Free
- Hacker Tools Windows
- Kik Hack Tools
- Hack Tools Mac
- Github Hacking Tools
- Pentest Tools For Mac
- Hacker Tools Apk Download
- Pentest Tools Port Scanner
- Pentest Tools Github
- Pentest Tools List
- Hacking Tools Name
- Hacker Tools Github
- Nsa Hack Tools
- Hak5 Tools
- Pentest Tools Linux
- Tools For Hacker
- Pentest Tools Find Subdomains
- Nsa Hacker Tools
- Easy Hack Tools
- Hack Tools 2019
- Pentest Tools Linux
- Pentest Box Tools Download
- Pentest Tools Port Scanner
- Hacker Tools Windows
- Hack Tools Online
- Best Pentesting Tools 2018
- Install Pentest Tools Ubuntu
- Hack Tools Github
No comments:
Post a Comment