Sunday, March 24, 2013

16,800 clean and 11,960 malicious files for signature testing and research.

Signature and security product testing often requires large numbers of sorted malicious and clean files to eliminate false positives and negatives. They are not always easy to find, but here are some that I have.

Clean documents are collected from various open sources. All copyrights belong to the authors of each document and file. You must not use the documents for their content but only as samples of particular file types.

Thursday, March 21, 2013

Sunday, March 3, 2013

Mandiant APT1 samples categorized by malware families

Update: May 19, 2018
APT 1 resources
Threat Actor aliases:
Comment Crew, Comment Panda, PLA Unit 61398, TG-8223, APT 1, BrownFox, Group 3, GIF89a, ShadyRAT, Shanghai Group, Byzantine Candor

These are the samples described in the Mandiant Report APT1, in the Indicators of Compromise (IOCs). Each file is named according to the malware family, so you can run your own detection and signature tools to see how your naming convention corresponds to the one used by Mandiant.

You can use these binaries to develop signatures, compare to your samples, or study the behavior and evolution of APT1.
I added Contagio samples in several families as well.
The list of binaries and their names, as well as malware family descriptions, are provided below for your convenience.