Friday, August 9, 2013

DeepEnd Research: List of malware pcaps, samples, and indicators for the Library of Malware Traffic Patterns


The Library of Malware Traffic Patterns has been popular. We have found it very useful ourselves, and we encourage you to send your contributions. I know that at some point the spreadsheet will become unwieldy, but I personally find it the easiest format to work with (easy to sort, search, etc.).

Currently, most of the entries described have the corresponding samples and pcaps available for download (email Mila @contagio for the password), as you can see in the links below.


Email us at mila [a t] deependresearch.org or adimino [a t] deependresearch.org

The current list of malware described (as of Aug. 9, 2013)


 #   APT                                                 | CRIME and HACKTIVISM
 1   9002                                                | Adware Hotbar
 2   9002 POST                                           | Andromeda
 3   Banechant 1                                         | ArcomRat / Dokstormac
 4   Banechant payload dl 2                              | Ardamax keylogger
 5   Beebus                                              | Asprox Checkin
 6   Beebus C2 checkin                                   | Asprox GET list of C2s
 7   Beebus data send                                    | Asprox GETs spam template
 8   Comfoo / Vinself / Mspub                            | Avatar Rootkit
 9   Cookies / Cookiebag / Dalbot                        | Beebone downloader
10   Coswid                                              | Bitcoinminer
11   CVE-2012-0754 SWF in DOC                            | Blackhole 2
12   CVE-2012-0779                                       | Blackhole v2
13   Depyot                                              | Blazebot
14   Destory Rat / Sogu / Thoper                         | Carberp
15   Disttrack / Shamoon                                 | Citadel
16   DNSWatch / Protux                                   | Cutwail / Pushdo
17   Downloader BMP                                      | Darkmegi
18   Einstein                                            | Darkness DDoS v8g
19   Einstein data send                                  | DirtJumper DDoS
20   Enfal / Lurid                                       | DNSChanger
21   Favorites                                           | EK - Blackhole 2 landing
22   Foxy                                                | EK Blackhole 1
23   Foxy Checkin                                        | EK Neutrino
24   Gh0st                                               | EK Phoenix
25   Gh0st ASP ver                                       | FakeAV var (via Kuluoz - Asprox botnet)
26   Gh0st PHP ver                                       | Flashback OSX
27   Gh0st v2000 var                                     | GameThief
28   Gh0st var                                           | Gapz C&C request
29   Glasses                                             | Guntior - CN bootkit
30   GoogleAdC2                                          | Gypthoy
31   GoogleAdC2 2nd stage                                | Hiloti
32   Googles                                             | HOIC DDoS
33   Greencat                                            | Horst Proxy
34   Gtalk                                               | Imaut
35   Hangover Smackdown Minapro                          | IRCbot
36   Hupigon / Graybird                                  | JBOSS worm
37   icon.js - system info send                          | Karagany Loader
38   IEXPLORE Rat / C0D0S0 / Briba / Cimuz / SharkyRAT   | Kuluoz.B downloader
39   IXESHE                                              | Matsnu - MBR wiping ransomware
40   IXESHE AES                                          | Medfos
41   KoreanBanker DL                                     | Money loader
42   Letsgo / TabMsgSQL                                  | Mutopy Downloader
43   Letsgo / TabMsgSQL downloader                       | Mutopy Downloader initial callback
44   Likseput                                            | PassAlert
45   Lingbo (?)                                          | Pony loader
46   Luckycat - WIMMIE                                   | PowerLoader
47   LURK                                                | Ranbyus / Triton (Spy, Banking, smart cards)
48   Mediana Proxy                                       | Reedum
49   MiniASP                                             | Shiz / Rohimafo DDoS
50   Miniduke                                            | Srizbi
51   Miniflame                                           | Stabuniq
52   Mirage                                              | Sweet Orange EK
53   Mirage - later var                                  | Symmi Remote File Injector
54   Mongal                                              | Tbot tor
55   MSWab / Yayih                                       | Tinba aka Zusy
56   Murcy                                               | Urausy (Ransomware)
57   Netravler                                           | USteal.D
58   NfLog                                               | Vobfus
59   NTESSESS                                            | Xpaj
60   Pitty Tiger                                         | ZeroAccess / Sirefef
61   Plugx                                               | ZeroAccess / Sirefef - Counter site checkin
62   PNG trojan                                          | ZeroAccess / Sirefef ppc fraud - redirect
63   Poison Ivy                                          | Zeus
64   Quarian                                             | Zeus Gameover
65   RedOctober AuthInfo                                 |
66   RedOctober Sysinfo                                  |
67   RegSubDat                                           |
68   RssFeeder                                           |
69   Sanny / Win32.Daws                                  |
70   Seasalt                                             |
71   Sofacy                                              |
72   Surtr 2nd Stage DL                                  |
73   Surtr Initial GET                                   |
74   Swami                                               |
75   Sykipot / Wyksol                                    |
76   Taidoor                                             |
77   Taleret                                             |
78   Tapaoux                                             |
79   Tarsip Eclipse                                      |
80   Tarsip Moon                                         |
81   Variant Letsgo / TabMsgSQL downloader (comment crew)|
82   Vinself                                             |
83   WEBC2_RAVE                                          |
84   WEBC2-Bolid                                         |
85   WEBC2-Clover                                        |
86   WEBC2-CSON                                          |
87   WEBC2-CSON Response to commands                     |
88   WEBC2-HEAD                                          |
89   WEBC2-Table                                         |
90   Xtreme Rat                                          |
