Collection Of Pcap Files From Malware Analysis

Update: Feb 19. 2015

We have been adding pcaps to the collection so remember to check out the folder ( Pcap collection) for the recent pcaps.

I had a project to test some malicious and exploit pcaps and collected a lot of them (almost 1000) from various public sources. You can see them in the PUBLIC folder. The credits go to the authors of the pcaps listed in the name of each file. Please visit their blogs and sites to see more information about the pcaps, see their recent posts, and send them thanks. The public pcaps have no passwords on them.




Update:Dec 13. 2014 

Despite rare updates of this post, we have been adding pcaps to the collection so remember to check out the folder ( Pcap collection (New link)) for the recent pcaps!

Update:Dec 31. 2013 - added new pcaps

I did some spring cleaning yesterday and came up with these malware and exploit pcaps. Such pcaps are very useful for IDS and signature testing and development, general education, and malware identification. While there are some online public sandboxes offering pcaps for download like Cuckoo or Anubis but  looking for them is a tedious task and you cannot be totally sure the pcap is for the malware family supposedly analysed - in other words, if the sandbox says it is Zeus does not necessarily mean that it is.

I found some good pcap repositories here (http://www.netresec.com/?page=PcapFiles) but there are very few pcaps from malware.

These are from identified and verified (to the best of my knowledge and belief - email me if you find errors) malware samples.

All of them show the first stage with the initial callback and most have the DNS requests as well. A few pcaps show extended malware runs (e.g. purplehaze pcap is over 500mb).
Most pcaps are mine, a few are from online sandboxes, and one is borrowed from malware.dontneedcoffee.com. That said, I can probably find the corresponding samples for all that have MD5 listed if you really need them. Search contagio, some are posted with the samples.

Each file has the following naming convention:
BIN [RTF, PDF] - the filetype of the dropper used, malware family name, MD5, and year+month of the malware analysis.

I will be adding more pcaps in the future. Please donate your pcaps from identified samples, I am sure many of you have.

Thank you

Download

Download all together or separately.

All pcaps archives have the same password (same scheme), email me if you need it. I tried posting it without any passwords and pass infected but they get flagged as malware. Modern AV rips though zips and zips with the pass 'infected' with ease.

APT PCAPS

Download all together or separately.

1. 2012-12-31 BIN_Xinmic_8761F29AF1AE2D6FACD0AE5F487484A5-pcap
2. 2013-09-08 BIN_TrojanPage_86893886C7CBC7310F7675F4EFDE0A29-pcap
3. 2013-09-08 BIN_Darkcomet_DC98ABBA995771480AECF4769A88756E-pcap
4. 2013-09-02 8202_tbd_ 6D2C12085F0018DAEB9C1A53E53FD4D1-pcap
5. 2013-09-02 BIN_8202_6d2c12085f0018daeb9c1a53e53fd4d1-pcap
6. 2013-09-02 BIN_Vidgrab_6fd868e68037040c94215566852230ab-pcap
7. 2013-09-02 BIN_PlugX_2ff2d518313475a612f095dd863c8aea-pcap
8. 2013-09-02 BIN_Taidoor_46ef9b0f1419e26f2f37d9d3495c499f-pcap
9. 2013-09-02 BIN_Vidgrab_660709324acb88ef11f71782af28a1f0-pcap
10. 2013-09-02 BIN_Gh0st-gif_f4d4076dff760eb92e4ae559c2dc4525-pcap.zip
11. 2013-07-15 BIN_Taleret.E_5328cfcb46ef18ecf7ba0d21a7adc02c.pcap
12. 2013-05-14 BIN_Mediana_0AE47E3261EA0A2DBCE471B28DFFE007_2012-10.pcap
13. 2013-05-14 BIN_Hupigon_8F90057AB244BD8B612CD09F566EAC0C
14. 2013-05-14 BIN_LetsGo_yahoosb_b21ba443726385c11802a8ad731771c0_2011-07-19
15. 2013-05-13 BIN_IXESHE_0F88D9B0D237B5FCDC0F985A548254F2-2013-05-pcap
16. 2013-05-06 BIN_DNSWatch_protux_4F8A44EF66384CCFAB737C8D7ADB4BB8_2012-11-pcap
17. 2013-05-06 BIN_9002_D4ED654BCDA42576FDDFE03361608CAA_2013-01-30-pcap
18. 2013-05-06 BIN_BIN_RssFeeder_68EE5FDA371E4AC48DAD7FCB2C94BAC7-2012-06-pcap (not a common name, see the traffic ssheet http://bit.ly/maltraffic )
19. 2013-04-30 BIN_MSWab_Yayih_FD1BE09E499E8E380424B3835FC973A8_us-pcap
20. 2013-04-29 BIN_LURK_AF4E8D4BE4481D0420CCF1C00792F484_20120-10-pcap
21. 2013-04-29 BIN_XTremeRAT_DAEBFDED736903D234214ED4821EAF99_2013-04-13-pcap
22. BIN_Enfal_Lurid_0fb1b0833f723682346041d72ed112f9_2013-01.pcap
23. BIN_Gh0st_variant-v2010_B1D09374006E20FA795B2E70BF566C6D_2012-08.pcap
24. BIN_Likseput_E019E37F19040059AB5662563F06B609_2012-10.pcap
25. BIN_Nettravler_1f26e5f9b44c28b37b6cd13283838366.pcap
26. BIN_Nettravler_DA5832657877514306EDD211DEF61AFE_2012-10.pcap
27. BIN_Sanny-Daws_338D0B855421867732E05399A2D56670_2012-10.pcap
28. BIN_Sofacy_a2a188cbf74c1be52681f998f8e9b6b5_2012-10.pcap
29. BIN_Taidoor_40D79D1120638688AC7D9497CC819462_2012-10.pcap
30. BIN_TrojanCookies_840BD11343D140916F45223BA05ABACB_2012_01.pcap
31. PDF_CVE-2011-2462_Pdf_2011-12.pcap
32. RTF_Mongall_Dropper_Cve-2012-0158_C6F01A6AD70DA7A554D48BDBF7C7E065_2013-01.pcap
33. OSX_DocksterTrojan.pcap

CRIMEWARE PCAPS

Download all together or separately.

1. 2013-11-12_BIN_ChePro_2A5E5D3C536DA346849750A4B8C8613A-1.pcap
2. 2013-10-15_BIN_cryptolocker_9CBB128E8211A7CD00729C159815CB1C.pcap
3. 2013-09-20_BIN_Lader-dlGameoverZeus_12cfe1caa12991102d79a366d3aa79e9.pcap
4. 2013-09-08 BIN_Tijcont_845B0945D5FE0E0AAA16234DC21484E0-pcap
5. 2013-09-08 BIN_Kelihos_C94DC5C9BB7B99658C275B7337C64B33-pcap.zip
6. 2013-08-19 BIN_Nitedrem_508af8c499102ad2ebc1a83fdbcefecb-pcap
7. 2013-08-17 BIN_sality_CEAF4D9E1F408299144E75D7F29C1810-pcap
8. 2013-08-15 BIN_torpigminiloader-pcap.zip
9. 2013-13-08 EK_popads_109.236.80.170_2013-08-13.pcap
10. 2013-11-08 BIN_Alinav5.3_4C754150639AA3A86CA4D6B6342820BE.pcap
11. 2013-08-08 BIN_BitcoinMiner_F865C199024105A2FFDF5FA98F391D74-pcap
12. 2013-08-07 BIN_ZeroAccess_Sirefef_C2A9CCC8C6A6DF1CA1725F955F991940_2013-08-pcap
13. 2013-07-05 BIN_Kuluoz-Asprox_9F842AD20C50AD1AAB41F20B321BF84B
14. 2013-05-31 Wordpress-Mutopy_Symmi_20A6EBF61243B760DD65F897236B6AD3-2pcap.pcap
15. 2013-05-15 BIN_Zeus_b1551c676a54e9127cd0e7ea283b92cc-2012-04.pcap
16. 2013-05-15 BIN_Gypthoy_3EE49121300384FF3C82EB9A1F06F288-2013-05.pcap
17. 2013-05-12 BIN_PassAlert_B4A1368515C6C39ACEF63A4BC368EDB2-2013-05-13
18. 2013-05-12 BIN_HorstProxy_EFE5529D697174914938F4ABF115F762-2013-05-13-pcap
19. 2013-05-12 BIN_Bitcoinminer_12E717293715939C5196E604591A97DF-2013-05-12-pcap
20. 2013-05-07 BIN_ZeroAccess_Sirefef_29A35124ABEAD63CD8DB2BBB469CBC7A_2013-05-pcapc
21. 2013-05-05 BIN_PowerLoader_4497A231DA9BD0EEA327DDEC4B31DA12_2013-05-pcap
22. 2013-05-05 BIN_GameThief_ECBA0FEB36F9EF975EE96D1694C8164C_2013-03-pcap
23. 2013-05-05 BIN_PowerLoader_4497A231DA9BD0EEA327DDEC4B31DA12_2013-05-pcap
24. 2013-04-27 EK_BIN_Blackhole_leadingto_Medfos_0512E73000BCCCE5AFD2E9329972208A_2013-04-pcap
25. 2013-04-26 -- BIN_Citadel_3D6046E1218FB525805E5D8FDC605361-2013-04-samp 
26. BIN_CitadelPacked_2012-05.pcap
27. BIN_CitadelUnpacked_2012-05.pcap
28. BIN_Cutwail_284Fb18Fab33C93Bc69Ce392D08Fd250_2012-10.pcap
29. BIN_Darkmegi_2012-04.pcap
30. BIN_DarknessDDoS_v8g_F03Bc8Dcc090607F38Ffb3A36Ccacf48_2011-01.pcap-
31. BIN_dirtjumper_2011-10.pcap
32. BIN_DNSChanger_2011-12.pcap
33. BIN_Drowor_worm_0f015bb8e2f93fd7076f8d178df2450d_2013-04.pcap
34. BIN_Googledocs_macadocs_2012-12.pcap
35. BIN_Imaut_823e9bab188ad8cb30c14adc7e67066d.pcap
36. BIN_IRCbot_c6716a417f82ccedf0f860b735ac0187_2013-04.pcap
37. BIN_Kelihos_aka_Nap_0feaaa4adc31728e54b006ab9a7e6afa.pcap
38. BIN_LoadMoney_MailRu_dl_4e801b46068b31b82dac65885a58ed9e_2013-04 .pcap
39. BIN_purplehaze-2012-01.pcap
40. BIN_ponyloader_470a6f47de43eff307a02f53db134289.pcap
41. BIN_Ramnitpcap_2012-01.pcap
42. BIN_Reedum_0ca4f93a848cf01348336a8c6ff22daf_2013-03.pcap
43. BIN_SpyEye_2010-02.pcap
44. BIN_Stabuniq_F31B797831B36A4877AA0FD173A7A4A2_2012-12.pcap
45. BIN_Tbot_23AAB9C1C462F3FDFDDD98181E963230_2012-12.pcap
46. BIN_Tbot_2E1814CCCF0C3BB2CC32E0A0671C0891_2012-12.pcap
47. BIN_Tbot_5375FB5E867680FFB8E72D29DB9ABBD5_2012-12.pcap
48. BIN_Tbot_A0552D1BC1A4897141CFA56F75C04857_2012-12.pcap
49. BIN_Tbot_FC7C3E087789824F34A9309DA2388CE5_2012-12.pcap
50. BIN_Tinba_2012-06.pcap
51. BIN_Vobfus_634AA845F5B0B519B6D8A8670B994906_2012-12.pcap
52. BIN_Xpaj_2012-05.pcap
53. BIN_ZeroAccess_3169969E91F5FE5446909BBAB6E14D5D_2012-10.pcap
54. BIN_ZeusGameover_2012-02.pcap
55. BIN_Zeus_2010-12.pcap
56. EK_Blackholev1_2012-03.pcap
57. EK_Blackholev1_2012-08.pcap
58. EK_Blackholev2_2012-09.pcap
59. EK_Blackhole_Java_CVE-2012-4681_2012-08.pcap
60. EK_Phoenix_2012-04.pcap
61. EK_Smokekt150(Malwaredontneedcoffee)_2012-09.pcap -  credit malware.dontneedcoffee.com

Related links

• Hack App
• Hacking Tools For Games
• Hacking Tools For Windows 7
• Hacker Tools Software
• How To Install Pentest Tools In Ubuntu
• Hacker Tools For Windows
• Hacking Tools For Beginners
• Pentest Box Tools Download
• Hacker Tools Windows
• New Hacker Tools
• Hacking Tools Hardware
• Hacking Tools Kit
• Hacking App
• Hack Tools Mac
• Pentest Box Tools Download
• Hacking Tools For Windows 7
• Tools For Hacker
• Hack App
• Hacker Tools For Windows
• New Hack Tools
• Hacking Tools Github
• Hacker Tools
• Hack Tools
• Hacker Tools Online
• Tools Used For Hacking
• Hacking Tools Github
• Hack Tools
• Pentest Tools Find Subdomains
• Pentest Tools Find Subdomains
• Wifi Hacker Tools For Windows
• Hack Tools For Windows
• Hacker Tools Online
• Tools Used For Hacking
• Pentest Tools Website
• Hack Tools For Ubuntu
• Pentest Tools Subdomain
• Hacker Tools 2020
• Tools For Hacker
• Hacking Tools 2020
• Hack And Tools
• Hacker Tools Software
• Hack Tools Mac
• Hacking Tools Windows 10
• Hacking Tools Name
• Hacking Tools For Windows
• Hacking Tools Hardware
• Hack Tools
• Hacker Tools
• Nsa Hacker Tools
• Tools 4 Hack
• Hacker Tools Free
• Pentest Reporting Tools
• Hacking Tools Hardware
• Hack Tools For Games
• Hack Tools 2019
• How To Install Pentest Tools In Ubuntu
• Hacking Tools For Windows 7
• Hak5 Tools
• Pentest Tools Apk
• Hacking Tools Usb
• Hacker Tools Hardware
• Hack Tool Apk
• Hack And Tools
• Hacker Tool Kit
• Hacking Tools Free Download
• Hacker Tools Mac
• What Is Hacking Tools
• Hacking Tools Pc
• Pentest Tools For Windows
• Hacker Tools Online
• Pentest Tools Port Scanner
• Hacking Tools Pc
• Hacking Tools Usb
• Hacker Tools For Ios
• Hacking Tools And Software
• Wifi Hacker Tools For Windows
• Pentest Tools Apk
• Hacking Tools 2020
• Pentest Tools Nmap
• Hack Tool Apk
• Hacking Tools Download
• Hack Tools For Windows
• Hacker Security Tools
• Hack Tools Pc
• Underground Hacker Sites
• Pentest Tools For Windows
• Hack Tools 2019
• How To Make Hacking Tools
• Hacker Tools Apk Download
• Usb Pentest Tools
• Easy Hack Tools
• Pentest Tools Alternative
• Hacker Tools Online
• Hacking Tools Download
• Pentest Tools Port Scanner
• Hacking Tools 2019
• Pentest Tools Review
• Github Hacking Tools
• Hacker Tools For Pc
• Hacker Tools For Windows
• Hack Tools Github
• Install Pentest Tools Ubuntu
• Hacker Tools Hardware
• Hacker Tools Windows
• Hacking Tools 2019
• Hack Tools Online
• Hacker Security Tools
• How To Install Pentest Tools In Ubuntu
• Hacker Tools Free Download
• Tools 4 Hack
• Blackhat Hacker Tools
• Beginner Hacker Tools
• Hacking Tools Hardware
• Hack Website Online Tool
• Hack Website Online Tool
• Free Pentest Tools For Windows
• Pentest Tools For Ubuntu
• Hak5 Tools
• Hack Tools 2019
• Hacking Tools For Windows Free Download
• Hackrf Tools
• Hacking Tools Free Download
• Hacking Apps
• Nsa Hack Tools Download
• Hacking Tools Pc
• Hacking Tools Pc
• Hacker Tools List
• Hacker Tool Kit
• Hacker Tools Windows
• Blackhat Hacker Tools
• Hack Website Online Tool
• Hack Website Online Tool
• Hacker Tools Apk
• Hacking Tools Online
• Beginner Hacker Tools
• Pentest Tools Bluekeep
• How To Hack
• Hacker Search Tools
• Pentest Tools Url Fuzzer
• Hacker Tools 2019
• Hack Tools For Games
• Pentest Tools Url Fuzzer
• Hacking Tools Free Download
• Pentest Tools List
• Hack Tools Mac
• Best Hacking Tools 2019
• Pentest Tools Website