DeepEnd Research: List of malware pcaps, samples, and indicators for the Library of Malware Traffic Patterns

The Library of Malware Traffic Patterns has been popular. We found it very useful ourselves as well, and we encourage you to send your contributions. I know at some point the spreadsheet will become unwieldy, but I personally find it the easiest way (easy sort, search, etc.).
Currently, most of the samples described have the corresponding samples and pcaps available for download (email Mila @contagio for the password), as you see in the links below.
Email us at mila [a t ] Deependresearch.org or adimino [a t] deependresearch.org.
The current list of malware described (as of Aug. 9, 2013):
APT:
1 9002
2 9002 POST
3 Banechant 1
4 Banechant payload dl 2
5 Beebus
6 Beebus C2 checkin
7 Beebus data send
8 Comfoo / Vinself / Mspub
9 Cookies / Cookiebag / Dalbot
10 Coswid
11 CVE-2012-0754 SWF in DOC
12 CVE-2012-0779
13 Depyot
14 Destory Rat / Sogu / Thoper
15 Disttrack / Shamoon
16 DNSWatch / Protux
17 Downloader BMP
18 Einstein
19 Einstein data send
20 Enfal / Lurid
21 Favorites
22 Foxy
23 Foxy Checkin
24 Gh0st
25 Gh0st ASP ver
26 Gh0st PHP ver
27 Gh0st v2000 var
28 Gh0st var
29 Glasses
30 GoogleAdC2
31 GoogleAdC2 2nd stage
32 Googles
33 Greencat
34 Gtalk
35 Hangover Smackdown Minapro
36 Hupigon / Graybird
37 icon.js – system info send
38 IEXPLORE Rat / C0D0S0 / Briba / Cimuz / SharkyRAT
39 IXESHE
40 IXESHE AES
41 KoreanBanker DL
42 Letsgo / TabMsgSQL
43 Letsgo / TabMsgSQL downloader
44 Likseput
45 Lingbo (?)
46 Luckycat – WIMMIE
47 LURK
48 Mediana Proxy
49 MiniASP
50 Miniduke
51 Miniflame
52 Mirage
53 Mirage – later var
54 Mongal
55 MSWab / Yayih
56 Murcy
57 Netravler
58 NfLog
59 NTESSESS
60 Pitty Tiger
61 Plugx
62 PNG trojan
63 Poison Ivy
64 Quarian
65 RedOctober AuthInfo
66 RedOctober Sysinfo
67 RegSubDat
68 RssFeeder
69 Sanny / Win32.Daws
70 Seasalt
71 Sofacy
72 Surtr 2nd Stage DL
73 Surtr Initial GET
74 Swami
75 Sykipot / Wyksol
76 Taidoor
77 Taleret
78 Tapaoux
79 Tarsip Eclipse
80 Tarsip Moon
81 Variant Letsgo / TabMsgSQL downloader (comment crew)
82 Vinself
83 WEBC2_RAVE
84 WEBC2-Bolid
85 WEBC2-Clover
86 WEBC2-CSON
87 WEBC2-CSON Response to commands
88 WEBC2-HEAD
89 WEBC2-Table
90 Xtreme Rat

CRIME and HACKTIVISM:
Adware Hotbar
Andromeda
ArcomRat / Dokstormac
Ardamax keylogger
Asprox Checkin
Asprox GET list of C2s
Asprox GETs spam template
Avatar Rootkit
Beebone downloader
Bitcoinminer
Blackhole 2
Blackhole v2
Blazebot
Carberp
Citadel
Cutwail / Pushdo
Darkmegi
Darkness DDoS v8g
DirtJumper DDoS
DNSChanger
EK – Blackhole 2 landing
EK Blackhole 1
EK Neutrino
EK Phoenix
FakeAV var (via Kuluoz – Asprox botnet)
Flashback OSX
GameThief
Gapz C&C request
Guntior – CN bootkit
Gypthoy
Hiloti
HOIC DDoS
Horst Proxy
Imaut
IRCbot
JBOSS worm
Karagany Loader
Kuluoz.B downloader
Matsnu – MBR wiping ransomware
Medfos
Money loader
Mutopy Downloader
Mutopy Downloader initial callback
PassAlert
Pony loader
PowerLoader
Ranbyus / Triton (Spy, Banking, smart cards)
Reedum
Shiz / Rohimafo DDoS
Srizbi
Stabuniq
Sweet Orange EK
Symmi Remote File Injector
Tbot tor
Tinba aka Zusy
Urausy (Ransomware)
USteal.D
Vobfus
Xpaj
ZeroAccess / Sirefef
ZeroAccess / Sirefef – Counter site checkin
ZeroAccess / Sirefef ppc fraud – redirect
Zeus
Zeus Gameover
