Malware Traffic


Captured malware traffic from honeypots, sandboxes or real-world intrusions.

Contagio Malware Dump: Collection of PCAP files categorized as APT, Crime or Metasploit
(the PCAP archive is hosted on DropBox and MediaFire)
WARNING: The password protected zip files contain real malware
Also see Contagio's PCAP files per case:

Malware analysis blog that shares malware as well as PCAP files

GTISK PANDA Malrec - PCAP files from malware samples run in PANDA, created by @moyix and GTISK

Stratosphere IPS - PCAP and Argus datasets with malware traffic, created by Sebastian Garcia (@eldracote) at the ATG group of the Czech Technical University

VM execution of info-stealer malware. Created by the Services, Cybersecurity and Safety research group at University of Twente.

Regin malware PCAP files, created by @moyix (see his blog post)

Ponmocup malware/trojan (a.k.a. Milicenso) PCAP by Tom Ueltschi a.k.a. @c_APT_ure
Also see original source (password protected zip) and analysis writeup (text)

PCAP file with PowerShell Empire (TCP 8081) and SSL wrapped C2 (TCP 445) traffic from CERT.SE's technical writeup of the major fraud and hacking criminal case "B 8322-16".

Free malware analysis sandbox. Malware samples can be uploaded or searched, and PCAP files from sandbox execution can be downloaded.

Online client honeypot for sharing, browsing and analyzing web-based malware. PCAP download available for analyzed sites.

Shadowbrokers PCAPs by Eric Conrad, including ETERNALBLUE and ETERNALROMANCE.
