malware-samples
A collection of malware samples and relevant dissection information, most probably referenced from http://blog.inquest.net or https://twitter.com/inquest. Be sure to also check out the Deep File Inspection (DFI) portion of https://labs.inquest.net for an interactive searchable interface to a large corpus (>500K) of downloadable malware lures.
- CVE-2018-4878-Adobe-Flash-DRM-UAF-0day
  - 14c58e38... Carrier: Microsoft Excel 2007+ XLSX, JSON VT Report
  - 3b1395f6... Carrier: Composite Document File V2 Document DOC, JSON VT Report
  - 88d7aa16... Stage-1: Macromedia Flash data, version 32 SWF, JSON VT Report, Decompiled ActionScript
  - 1a326925... Stage-2: (0day) Macromedia Flash data (compressed), version 32 SWF, JSON VT Report, Decompiled ActionScript
  - e1546323... Payload: (ROKRAT) PE32 executable (GUI) Intel 80386, for MS Windows PE, JSON VT Report
- 2018-04-GandCrab-Swarm
- 2018-05-Agent-Tesla-Open-Directory
- 2018-05-22 Interesting Macro Obfuscation
- 2018-08 Hidden Bee Elements
- 2019-01 Malicious Excel XLM Macros
  - 98e4695eb06b12221f09956c4ee465ca5b50f20c0a5dc0550cad02d1d7131526.xlm
  - a5bc8c8b89177f961aa5c0413716cb94b753efbea1a1ec9061be53b1be5cd36a.msi
  - c354467ec5d323fecf94d33bc05eab65f90a916c39137d2b751b0e637ca5a3e4.exe
  - 8a5041d41c552c5df95e4a18de4c343e5ac54845e275262e99a3a6e1a639f5d4.vbs
  - 91237a76e43caa35e3fbd42d47fbaca5d6b5ea7a96c89341196d070b628122ce.bat
  - 79a56ca8a7fdeed1f09466af66c24ddef5ef97ac026297f4ea32db6e01a81190.dll
- 2019-03 Sophisticated PowerShell Script (Dropping URLZone)
- 2019-07 Base64 Encoded Powershell Pivots
- 2020-05 Zloader 4.0 Macrosheet Evolution
- 2020-07 Tale of a Polished Carrier
Additional Sources
Some additional GitHub repositories to explore for those curious to gather more public domain samples.
- ytisf/theZoo - Live samples with binaries and source code.
- fabrimagic72/malware-samples - Samples collected with honeypots.
- HynekPetrak/javascript-malware-collection - Large collection of malicious JavaScript samples.
- wolfvan/some-samples - Large collection of samples captured with honeypots.
- 0x48piraj/MalWAReX - Remote Access Trojan (RAT) samples.
- drbeni/malquarium - Web-based malware repository, samples available at https://malquarium.org/.
- mstfknn/malware-sample-library - Malware samples, derived from https://iec56w4ibovnb4wc.onion.si/.
- RamadhanAmizudin/malware - Malware source and binaries, most from http://www.malwaretech.com/.