Malware found in the wild

• EICAR test file - A text file you can test your antivirus with, that doesn’t do anything malicious.

  X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Downloading can be done with proxychains and tor. Downloading multiple files can be done like this:

• on MacOS:

  #!/bin/bash
  #collect IPs from logs and put them in a matrix
  virusMatrix=(
  1.94.127.91:51527/Mozi.a
  42.224.2.177:56263/Mozi.a
  42.230.87.202:33296/Mozi.m
  58.249.22.48:46809/Mozi.m
  59.94.195.181:46026/Mozi.a
  61.3.155.131:43576/Mozi.a
  )
  for url in "${virusMatrix[@]}"
  do
    :
    proxychains4 wget $url
  done

Some resources

• Aurora - Malware similarity platform with modularity in mind.
• DetectionLab - Automate the creation of a lab environment complete with security tooling and logging best practices.
• DomainClassifier - DomainClassifier is a Python (2/3) library to extract and classify Internet domains/hostnames/IP addresses from raw unstructured text files following their DNS existence, localization or attributes.
• Findmal - A tool to find/download malware samples from various public repositories.
• Malpedia - primary goal of Malpedia is to provide a resource for rapid identification and actionable context when investigating malware.
• MalwareClassifier - Malware Classifier From Network Captures.
• Malware-analysis-and-Reverse-engineering - “Some of my publicly available Malware analysis and Reverse engineering.”
• MWDB Feeds - A Modular MWDB Utility to Collect Fresh Malware Samples.
• Snake - Snake is a malware storage zoo that was built out of the need for a centralised and unified storage solution for malicious samples that could seamlessly integrate into the investigation pipeline.
• Unit42’s Playbook
• WMIPersistence.vbs

Malware resources

• Android Malware - GitHub repository of Android malware samples.
• Bediger4000’s PHP Malware Analysis repo - Deobfuscation and analysis of PHP malware captured by a WordPress honey pot.
• Contagio Mobile – Mobile malware mini dump.
• DasMalwarek
• Endermanch MalwareDatabase - This repository is one of a few malware collections on the GitHub.
• Fabrimagic72 malware-samples - A collection of malware samples caught by several honeypots i manage
• Gr33ntii malware-collection - Author x0lzs3c
• HynekPetrak javascript-malware-collection - Collection of almost 40.000 javascript malware samples.
• InQuest malware-samples - A collection of malware samples and relevant dissection information, most probably referenced from https://blog.inquest.net
• Javascript Malware Collection - Collection of almost 40.000 javascript malware samples
• macOS
  • macOS Malware Collection
• Malshare.com - The Mac Malware of 2020 👾
• Malware4edu - Malware Samples that could be used for teaching students about malware analysis.
• Malware by abshkd - This is a collection of known malware and threats found on various Linux/web servers. Also find known ways to detect.
• Malware - zeltser.com - Free Malware Sample Sources for Researchers
• MalwareCollection - Popular Malware-Samples for research and educational purposes.(60+ Samples!)
• Malware-Database - cryptwareapps - A large repository of malware samples with 2500+ malware samples & source codes for a variety of platforms by Cryptware Apps.
• MalwareDatabase - Endermanch - This repository is one of a few malware collections on the GitHub.
• MalwareDatabase - NTFS123
• MalwareDatabase - Pyran1 - Malware samples for analysis, researchers, anti-virus and system protection testing (1600+ Malware-samples!). Visit official website: malwaredatabase.byethost13.com!
  • MalwareDatabaseUnsorted - Malware samples for analysis, researchers, anti-virus and system protection testing.(5000+ Malware-samples!)

• Malware-Exhibit - 🚀🚀 This is a 🎇🔥 REAL WORLD🔥 🎇 Malware Collection I have Compiled & analysed by researchers🔥 to understand more about Malware threats😈, analysis and mitigation🧐.

• malware-samples by Cerbersec - Malware samples pulled from my Cowrie honeypot

• Malware - funtimes-ninja - Malware samples from honeypots
• Malware by theevilbit - Various malware RE stuff.
• Malware by RamadhanAmizudin - Malware Samples. Uploaded to GitHub for those want to analyse the code. Code mostly from: http://www.malwaretech.com.
• Malware by rivitna - null
• Malwares code by futex - Example of malicious codes for educational purpose, don’t make shit with that.
• malwares-collection by petikvx - Collection of Virii - Worms - Trojan.
• MalwareHashDB - Malware hashes for open source projects.
• Malware Samples by darrenmartyn
• Malware samples by fabrimagic72 - A collection of malware samples caught by several honeypots i manage
• Malware Samples by jstrosch - Malware samples, analysis exercises and other interesting resources.
• Malware Samples by Malware-Feed
• MalwareSourceCode - Collection of malware source code for a variety of platforms in an array of different programming languages.
• MalwareWorld.com - Check for Suspicious Domains and IPs.
• Malware World by Carlospolop - System based on +500 blacklists and 5 external intelligences to detect internet potencially malicious hosts.
• My-malware-collection by stinky-fox - “!!!WARNING!!!! Anything provided here is a real and potentially dangerous malware! Must be used with caution and only in the sandbox environment.”
• Nikicat web-malware-collection
• Objective See Collection - macOS malware samples.
• OfficeMalwares - Sources Codes of many Office Malwares
• Packet Total – PCAP based malware sources.
• Penetrum Malware Zoo - A collection of malware that we use for testing and training.
• PracticalMalwareAnalysis-Labs - Binaries for the book Practical Malware Analysis.
• RAT-Collection - Remote Access Trojan collection.(260+ RAT-Builders!)

• Rust-malware-gallery - A collection of malware families and malware samples which use the Rust programming language.

• Shellntel’s Dragon Backdoor repo - dragon.c: a sniffing, non binding, reverse down/exec, portknocking service * Based on cd00r.c by fx@phenoelit.de and helldoor.c by drizzt@drizzt.it.

• TakeDefense
• URLhaus – Online and real-world malware campaign samples.
• VirusShare.com

• Vxunderground MalwareSourceCode - Collection of malware source code for a variety of platforms in an array of different programming languages. www.vx-underground.org

  • Vx_underground - A scalable web app features LiveView authentication, user roles and permission system, and secure S3/Wasabi uploads. It calculates file hashes with Erlang crypto library and uses Oban for all most API requests for automated retries. It includes a custom Logger backend to log to Discord, has CI/CD setup and is deployed on Fly.io.

• vx - Virus Exchange - Virus Exchange (VX) - Collection of malware or assembly code used for “offensive” purposed.

• Ytisf theZoo - A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public. thezoo.morirt.com
• VIRUS-HUB - 病毒库、样本中心.
• VirusSamples by JPaulMora - Warning: These are REAL, EVIL executables.. download at your own risk, submit your own.

MacOS

• objective-see.com/malware

Windows

• moneta - Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs.