Saturday, August 29, 2020

Collection Of Pcap Files From Malware Analysis


Update: Feb 19. 2015

We have been adding pcaps to the collection so remember to check out the folder ( Pcap collection) for the recent pcaps.

I had a project to test some malicious and exploit pcaps and collected a lot of them (almost 1000) from various public sources. You can see them in the PUBLIC folder. The credits go to the authors of the pcaps listed in the name of each file. Please visit their blogs and sites to see more information about the pcaps, see their recent posts, and send them thanks. The public pcaps have no passwords on them.




Update:Dec 13. 2014 


Despite rare updates of this post, we have been adding pcaps to the collection so remember to check out the folder ( Pcap collection (New link)) for the recent pcaps!



Update:Dec 31. 2013 - added new pcaps

I did some spring cleaning yesterday and came up with these malware and exploit pcaps. Such pcaps are very useful for IDS and signature testing and development, general education, and malware identification. While there are some online public sandboxes offering pcaps for download like Cuckoo or Anubis but  looking for them is a tedious task and you cannot be totally sure the pcap is for the malware family supposedly analysed - in other words, if the sandbox says it is Zeus does not necessarily mean that it is.

I found some good pcap repositories here (http://www.netresec.com/?page=PcapFiles) but there are very few pcaps from malware.

These are from identified and verified (to the best of my knowledge and belief - email me if you find errors) malware samples.

All of them show the first stage with the initial callback and most have the DNS requests as well. A few pcaps show extended malware runs (e.g. purplehaze pcap is over 500mb).
Most pcaps are mine, a few are from online sandboxes, and one is borrowed from malware.dontneedcoffee.com. That said, I can probably find the corresponding samples for all that have MD5 listed if you really need them. Search contagio, some are posted with the samples.

Each file has the following naming convention:
BIN [RTF, PDF] - the filetype of the dropper used, malware family name, MD5, and year+month of the malware analysis.

I will be adding more pcaps in the future. Please donate your pcaps from identified samples, I am sure many of you have.

Thank you




Download


Download all together or separately.

All pcaps archives have the same password (same scheme), email me if you need it. I tried posting it without any passwords and pass infected but they get flagged as malware. Modern AV rips though zips and zips with the pass 'infected' with ease.



APT PCAPS


  1. 2012-12-31 BIN_Xinmic_8761F29AF1AE2D6FACD0AE5F487484A5-pcap
  2. 2013-09-08 BIN_TrojanPage_86893886C7CBC7310F7675F4EFDE0A29-pcap
  3. 2013-09-08 BIN_Darkcomet_DC98ABBA995771480AECF4769A88756E-pcap
  4. 2013-09-02 8202_tbd_ 6D2C12085F0018DAEB9C1A53E53FD4D1-pcap
  5. 2013-09-02 BIN_8202_6d2c12085f0018daeb9c1a53e53fd4d1-pcap
  6. 2013-09-02 BIN_Vidgrab_6fd868e68037040c94215566852230ab-pcap
  7. 2013-09-02 BIN_PlugX_2ff2d518313475a612f095dd863c8aea-pcap
  8. 2013-09-02 BIN_Taidoor_46ef9b0f1419e26f2f37d9d3495c499f-pcap
  9. 2013-09-02 BIN_Vidgrab_660709324acb88ef11f71782af28a1f0-pcap
  10. 2013-09-02 BIN_Gh0st-gif_f4d4076dff760eb92e4ae559c2dc4525-pcap.zip
  11. 2013-07-15 BIN_Taleret.E_5328cfcb46ef18ecf7ba0d21a7adc02c.pcap
  12. 2013-05-14 BIN_Mediana_0AE47E3261EA0A2DBCE471B28DFFE007_2012-10.pcap
  13. 2013-05-14 BIN_Hupigon_8F90057AB244BD8B612CD09F566EAC0C
  14. 2013-05-14 BIN_LetsGo_yahoosb_b21ba443726385c11802a8ad731771c0_2011-07-19
  15. 2013-05-13 BIN_IXESHE_0F88D9B0D237B5FCDC0F985A548254F2-2013-05-pcap
  16. 2013-05-06 BIN_DNSWatch_protux_4F8A44EF66384CCFAB737C8D7ADB4BB8_2012-11-pcap
  17. 2013-05-06 BIN_9002_D4ED654BCDA42576FDDFE03361608CAA_2013-01-30-pcap
  18. 2013-05-06 BIN_BIN_RssFeeder_68EE5FDA371E4AC48DAD7FCB2C94BAC7-2012-06-pcap (not a common name, see the traffic ssheet http://bit.ly/maltraffic )
  19. 2013-04-30 BIN_MSWab_Yayih_FD1BE09E499E8E380424B3835FC973A8_us-pcap
  20. 2013-04-29 BIN_LURK_AF4E8D4BE4481D0420CCF1C00792F484_20120-10-pcap
  21. 2013-04-29 BIN_XTremeRAT_DAEBFDED736903D234214ED4821EAF99_2013-04-13-pcap
  22. BIN_Enfal_Lurid_0fb1b0833f723682346041d72ed112f9_2013-01.pcap
  23. BIN_Gh0st_variant-v2010_B1D09374006E20FA795B2E70BF566C6D_2012-08.pcap
  24. BIN_Likseput_E019E37F19040059AB5662563F06B609_2012-10.pcap
  25. BIN_Nettravler_1f26e5f9b44c28b37b6cd13283838366.pcap
  26. BIN_Nettravler_DA5832657877514306EDD211DEF61AFE_2012-10.pcap
  27. BIN_Sanny-Daws_338D0B855421867732E05399A2D56670_2012-10.pcap
  28. BIN_Sofacy_a2a188cbf74c1be52681f998f8e9b6b5_2012-10.pcap
  29. BIN_Taidoor_40D79D1120638688AC7D9497CC819462_2012-10.pcap
  30. BIN_TrojanCookies_840BD11343D140916F45223BA05ABACB_2012_01.pcap
  31. PDF_CVE-2011-2462_Pdf_2011-12.pcap
  32. RTF_Mongall_Dropper_Cve-2012-0158_C6F01A6AD70DA7A554D48BDBF7C7E065_2013-01.pcap
  33. OSX_DocksterTrojan.pcap

CRIMEWARE PCAPS



  1. 2013-11-12_BIN_ChePro_2A5E5D3C536DA346849750A4B8C8613A-1.pcap
  2. 2013-10-15_BIN_cryptolocker_9CBB128E8211A7CD00729C159815CB1C.pcap
  3. 2013-09-20_BIN_Lader-dlGameoverZeus_12cfe1caa12991102d79a366d3aa79e9.pcap
  4. 2013-09-08 BIN_Tijcont_845B0945D5FE0E0AAA16234DC21484E0-pcap
  5. 2013-09-08 BIN_Kelihos_C94DC5C9BB7B99658C275B7337C64B33-pcap.zip
  6. 2013-08-19 BIN_Nitedrem_508af8c499102ad2ebc1a83fdbcefecb-pcap
  7. 2013-08-17 BIN_sality_CEAF4D9E1F408299144E75D7F29C1810-pcap
  8. 2013-08-15 BIN_torpigminiloader-pcap.zip
  9. 2013-13-08 EK_popads_109.236.80.170_2013-08-13.pcap
  10. 2013-11-08 BIN_Alinav5.3_4C754150639AA3A86CA4D6B6342820BE.pcap
  11. 2013-08-08 BIN_BitcoinMiner_F865C199024105A2FFDF5FA98F391D74-pcap
  12. 2013-08-07 BIN_ZeroAccess_Sirefef_C2A9CCC8C6A6DF1CA1725F955F991940_2013-08-pcap
  13. 2013-07-05 BIN_Kuluoz-Asprox_9F842AD20C50AD1AAB41F20B321BF84B
  14. 2013-05-31 Wordpress-Mutopy_Symmi_20A6EBF61243B760DD65F897236B6AD3-2pcap.pcap
  15. 2013-05-15 BIN_Zeus_b1551c676a54e9127cd0e7ea283b92cc-2012-04.pcap
  16. 2013-05-15 BIN_Gypthoy_3EE49121300384FF3C82EB9A1F06F288-2013-05.pcap
  17. 2013-05-12 BIN_PassAlert_B4A1368515C6C39ACEF63A4BC368EDB2-2013-05-13
  18. 2013-05-12 BIN_HorstProxy_EFE5529D697174914938F4ABF115F762-2013-05-13-pcap
  19. 2013-05-12 BIN_Bitcoinminer_12E717293715939C5196E604591A97DF-2013-05-12-pcap
  20. 2013-05-07 BIN_ZeroAccess_Sirefef_29A35124ABEAD63CD8DB2BBB469CBC7A_2013-05-pcapc
  21. 2013-05-05 BIN_PowerLoader_4497A231DA9BD0EEA327DDEC4B31DA12_2013-05-pcap
  22. 2013-05-05 BIN_GameThief_ECBA0FEB36F9EF975EE96D1694C8164C_2013-03-pcap
  23. 2013-05-05 BIN_PowerLoader_4497A231DA9BD0EEA327DDEC4B31DA12_2013-05-pcap
  24. 2013-04-27 EK_BIN_Blackhole_leadingto_Medfos_0512E73000BCCCE5AFD2E9329972208A_2013-04-pcap
  25. 2013-04-26 -- BIN_Citadel_3D6046E1218FB525805E5D8FDC605361-2013-04-samp 
  26. BIN_CitadelPacked_2012-05.pcap
  27. BIN_CitadelUnpacked_2012-05.pcap
  28. BIN_Cutwail_284Fb18Fab33C93Bc69Ce392D08Fd250_2012-10.pcap
  29. BIN_Darkmegi_2012-04.pcap
  30. BIN_DarknessDDoS_v8g_F03Bc8Dcc090607F38Ffb3A36Ccacf48_2011-01.pcap-
  31. BIN_dirtjumper_2011-10.pcap
  32. BIN_DNSChanger_2011-12.pcap
  33. BIN_Drowor_worm_0f015bb8e2f93fd7076f8d178df2450d_2013-04.pcap
  34. BIN_Googledocs_macadocs_2012-12.pcap
  35. BIN_Imaut_823e9bab188ad8cb30c14adc7e67066d.pcap
  36. BIN_IRCbot_c6716a417f82ccedf0f860b735ac0187_2013-04.pcap
  37. BIN_Kelihos_aka_Nap_0feaaa4adc31728e54b006ab9a7e6afa.pcap
  38. BIN_LoadMoney_MailRu_dl_4e801b46068b31b82dac65885a58ed9e_2013-04 .pcap
  39. BIN_purplehaze-2012-01.pcap
  40. BIN_ponyloader_470a6f47de43eff307a02f53db134289.pcap
  41. BIN_Ramnitpcap_2012-01.pcap
  42. BIN_Reedum_0ca4f93a848cf01348336a8c6ff22daf_2013-03.pcap
  43. BIN_SpyEye_2010-02.pcap
  44. BIN_Stabuniq_F31B797831B36A4877AA0FD173A7A4A2_2012-12.pcap
  45. BIN_Tbot_23AAB9C1C462F3FDFDDD98181E963230_2012-12.pcap
  46. BIN_Tbot_2E1814CCCF0C3BB2CC32E0A0671C0891_2012-12.pcap
  47. BIN_Tbot_5375FB5E867680FFB8E72D29DB9ABBD5_2012-12.pcap
  48. BIN_Tbot_A0552D1BC1A4897141CFA56F75C04857_2012-12.pcap
  49. BIN_Tbot_FC7C3E087789824F34A9309DA2388CE5_2012-12.pcap
  50. BIN_Tinba_2012-06.pcap
  51. BIN_Vobfus_634AA845F5B0B519B6D8A8670B994906_2012-12.pcap
  52. BIN_Xpaj_2012-05.pcap
  53. BIN_ZeroAccess_3169969E91F5FE5446909BBAB6E14D5D_2012-10.pcap
  54. BIN_ZeusGameover_2012-02.pcap
  55. BIN_Zeus_2010-12.pcap
  56. EK_Blackholev1_2012-03.pcap
  57. EK_Blackholev1_2012-08.pcap
  58. EK_Blackholev2_2012-09.pcap
  59. EK_Blackhole_Java_CVE-2012-4681_2012-08.pcap
  60. EK_Phoenix_2012-04.pcap
  61. EK_Smokekt150(Malwaredontneedcoffee)_2012-09.pcap -  credit malware.dontneedcoffee.com


Read more


  1. What Is Hacking Tools
  2. Hacker Tools 2019
  3. Hacking Tools For Windows 7
  4. Hack Tools For Mac
  5. Pentest Tools Alternative
  6. Pentest Tools Tcp Port Scanner
  7. Hack Tool Apk No Root
  8. Hacking Tools For Mac
  9. Hack Apps
  10. Hacking Tools Usb
  11. Hacker Hardware Tools
  12. Free Pentest Tools For Windows
  13. Hack Tools For Games
  14. Pentest Tools Android
  15. Pentest Tools For Mac
  16. Pentest Tools Free
  17. What Are Hacking Tools
  18. Hack Tools Online
  19. Pentest Tools Open Source
  20. Hacker Tools Hardware
  21. Top Pentest Tools
  22. World No 1 Hacker Software
  23. Pentest Tools Nmap
  24. Hack Tools 2019
  25. Hacking Tools For Games
  26. Computer Hacker
  27. Pentest Tools Port Scanner
  28. Wifi Hacker Tools For Windows
  29. Pentest Tools Kali Linux
  30. Hack Tools Download
  31. Hacking Tools Online
  32. Pentest Tools For Windows
  33. Hacker Tools For Ios
  34. Hack Tools For Ubuntu
  35. Wifi Hacker Tools For Windows
  36. Hak5 Tools
  37. Ethical Hacker Tools
  38. Hack Tools Mac
  39. Hack Tools
  40. Hacker Tools Apk
  41. Pentest Tools Apk
  42. Pentest Tools Kali Linux
  43. Hacking Tools
  44. Hack Tools Pc
  45. Hacking Tools 2020
  46. Hack Tools Download
  47. Pentest Tools For Ubuntu
  48. Pentest Tools Find Subdomains
  49. Hacker Tools Windows
  50. Computer Hacker
  51. Pentest Tools Framework
  52. Pentest Tools
  53. Hacker Tools Linux
  54. Hak5 Tools
  55. Hacker Tools 2019
  56. Pentest Tools Download
  57. Hack Tools Download
  58. Hacker Tools 2020
  59. Black Hat Hacker Tools
  60. Pentest Tools For Android
  61. Hacker Tools
  62. How To Install Pentest Tools In Ubuntu
  63. Pentest Tools Review
  64. Pentest Tools Apk
  65. Hacker Tools 2020
  66. Pentest Tools Tcp Port Scanner
  67. Hacker Tools For Mac
  68. Hacking Tools For Mac
  69. Hacking Tools For Pc
  70. Hacking Tools Github
  71. Pentest Tools Alternative
  72. Pentest Tools For Android
  73. Pentest Tools Tcp Port Scanner
  74. Pentest Tools List
  75. Hacking Tools
  76. Hacking Tools And Software
  77. Pentest Tools
  78. Pentest Tools Website
  79. Pentest Tools Bluekeep
  80. Hack Tools
  81. Hack Tools Online
  82. Hack Tools Github
  83. Github Hacking Tools
  84. Hacker Tools Apk Download
  85. Pentest Tools Review
  86. Hacker Tools Free Download
  87. Game Hacking
  88. Ethical Hacker Tools
  89. Nsa Hack Tools Download
  90. Pentest Tools Android
  91. Hack App
  92. Hacker Tools Software
  93. Hack Apps
  94. Best Pentesting Tools 2018
  95. Pentest Tools Kali Linux
  96. Hacker Security Tools
  97. Hacking Tools Free Download
  98. Hacking Tools Windows
  99. Hack Apps
  100. Tools 4 Hack
  101. Pentest Tools For Android
  102. Computer Hacker
  103. Pentest Tools Apk
  104. Top Pentest Tools
  105. Hacks And Tools
  106. Hack Tools Download
  107. Bluetooth Hacking Tools Kali
  108. Hacking Tools Software
  109. Nsa Hacker Tools
  110. Pentest Tools Windows
  111. Hacker Tools Apk
  112. How To Make Hacking Tools
  113. Hacking Apps
  114. Pentest Tools Find Subdomains
  115. Hacking Tools Free Download
  116. Hacking Tools For Games
  117. Pentest Tools
  118. Pentest Tools Url Fuzzer
  119. Github Hacking Tools
  120. Hackers Toolbox
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)