Welcome to the Malware-Samples repository! This repository contains various malware and ransomware samples for research and analysis purposes. All RAR files are password-locked with the password "infected". Please ensure you use caution and follow appropriate safety measures when handling these samples.
- Clone the repository to your local machine. Do this inside the isolated analysis environment you will use for the samples, not on your everyday workstation:

  ```shell
  git clone https://github.com/ThatSINEWAVE/Malware-Samples.git
  ```

- Use the password "infected" to extract the RAR files containing the malware samples. Extracting only unpacks the files; do not open or run them outside the analysis environment.
- Analyze the samples using appropriate tools and techniques. Do this in a controlled environment (an isolated VM or sandbox with networking disabled or routed to an analysis-only network) to prevent any unintended consequences.
- Caution: Malware samples can cause harm to your computer system and compromise your security. Handle these samples with extreme care and only in isolated environments. Do not execute these samples on any system connected to the internet or on any network containing sensitive information.
- Please note: The maintainer and contributors of this repository, past, present and future, are not responsible for any loss of data, system damage or other consequences resulting from mishandling of the samples provided herein. Caution is advised when testing any file present in this repository.
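The steps above say to extract and analyze only in a controlled environment but leave the first-contact handling to the reader. The script below is an added example, not part of this repository or its maintainers' tooling, of what to do after `unrar x -pinfected <archive>` and before any dynamic analysis: hash every extracted file, sniff its type from the leading bytes, clear execute bits and rename it to an inert `.malz` suffix (a convention assumed here) so nothing is launched by accident, and write a `sha256sum -c`-compatible manifest. Run without an argument it creates and processes constructed inert stand-in files; the stand-in byte patterns, file names, the `MANIFEST.sha256` name and the `.malz` suffix are assumptions for the demo.

```python
"""Safe first-contact inventory of extracted malware samples.

Added example for this README (not part of the repository): run it on the
directory you extracted the RAR files into, inside the isolated analysis VM.
It only ever reads bytes; nothing is executed or opened with a handler.
"""
import hashlib
import stat
import sys
import tempfile
from pathlib import Path

# Leading-byte signatures for coarse triage (constructed list, not exhaustive).
MAGIC = (
    (b"MZ", "pe"),
    (b"\x7fELF", "elf"),
    (b"PK\x03\x04", "zip/jar/docx"),
    (b"%PDF", "pdf"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2/legacy-office"),
    (b"Rar!\x1a\x07", "rar"),
    (b"#!", "script"),
)
NEUTRAL_SUFFIX = ".malz"        # assumed convention: no OS associates a handler with it
MANIFEST_NAME = "MANIFEST.sha256"


def sniff(head: bytes) -> str:
    """Return a coarse type label from the first bytes of a file."""
    for magic, label in MAGIC:
        if head.startswith(magic):
            return label
    return "unknown"


def neutralise(path: Path) -> Path:
    """Clear every execute bit and append the inert suffix; return the new path."""
    perms = stat.S_IMODE(path.stat().st_mode)
    path.chmod(perms & ~0o111)
    if path.suffix == NEUTRAL_SUFFIX:
        return path                        # already handled on a previous run
    target = path.with_name(path.name + NEUTRAL_SUFFIX)
    path.rename(target)
    return target


def inventory(root: Path) -> list[dict]:
    """Hash, type-sniff and neutralise every regular file under root."""
    records = []
    for p in sorted(root.rglob("*")):      # list is materialised before any rename
        if p.is_symlink() or not p.is_file() or p.name == MANIFEST_NAME:
            continue
        data = p.read_bytes()              # read-only access, never execute
        original = str(p.relative_to(root))
        final = neutralise(p)
        records.append({
            "original": original,
            "path": str(final.relative_to(root)),
            "size": len(data),
            "type": sniff(data[:16]),
            "sha256": hashlib.sha256(data).hexdigest(),
            "md5": hashlib.md5(data).hexdigest(),   # older feeds still key on MD5
        })
    return records


def write_manifest(records: list[dict], out: Path) -> int:
    """Write 'sha256  path' lines that `sha256sum -c` can verify later."""
    out.write_text("".join(f"{r['sha256']}  {r['path']}\n" for r in records))
    return len(records)


def make_demo_dir() -> Path:
    """Constructed inert stand-ins for extracted samples (NOT real malware)."""
    root = Path(tempfile.mkdtemp(prefix="samples-"))
    (root / "rat").mkdir()
    pe = root / "rat" / "client.exe"
    pe.write_bytes(b"MZ" + b"\x90" * 62 + b"PE\x00\x00")    # fake DOS/PE header
    pe.chmod(0o755)                                           # arrived with execute bit set
    (root / "dropper.sh").write_bytes(b"#!/bin/sh\necho constructed stand-in\n")
    (root / "notes.txt").write_bytes(b"constructed stand-in, plain text\n")
    return root


if __name__ == "__main__":
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else make_demo_dir()
    recs = inventory(root)
    write_manifest(recs, root / MANIFEST_NAME)
    for r in recs:
        print(f"{r['sha256'][:16]}...  {r['type']:<18} {r['size']:>8}  "
              f"{r['original']} -> {r['path']}")
    print(f"{len(recs)} files neutralised under {root}; manifest: {root / MANIFEST_NAME}")
```

Run it on the extracted tree as the first step in the sandbox, keep the manifest with your notes, and look the SHA-256 values up in your threat-intel sources before any detonation. Renaming and clearing execute bits does not make a sample safe, it only removes the easy ways to run it by mistake; the isolation rules above still apply.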
We aim to continuously enhance the usability and value of this repository. Here are some planned improvements:
- Dedicated README Files: Each sample will have its dedicated README file, providing specific instructions, insights, and context about the sample. These README files will complement the general repository README and offer targeted guidance for analyzing individual samples.
- 888RAT - A remote access trojan (RAT) known for its versatility and ability to control infected computers remotely.
- Adwind - A Java-based RAT (also sold as AlienSpy, jRAT and JSocket) that runs on any system with a Java runtime, so it infects Windows, macOS and Linux alike.
- ArdaMax (Ardamax Keylogger) - A commercial keylogger rather than a full RAT: it records keystrokes, captures screenshots and webcam images and delivers the logs to the operator by email or FTP; criminals repackage it to spy on victims.
- CyberGate - A remote administration tool (RAT) used by cybercriminals to gain unauthorized access to infected systems and execute malicious actions remotely.
- DarkComet - A remote access trojan (RAT) notorious for its surveillance features, including key-logging, webcam monitoring, and file system access, often used in cyber espionage operations.
- DarkCloud - An information stealer that harvests browser credentials and cookies, cryptocurrency wallets and mail/FTP client credentials and exfiltrates them over SMTP, FTP or Telegram; typically delivered by phishing.
- Gh0stRAT - A remote access trojan (RAT) used by cybercriminals to gain unauthorized access to infected systems, allowing them to steal data, monitor activities, and execute commands remotely.
- Glupteba - A sophisticated botnet malware known for its stealthy behavior and multiple functionalities, including cryptocurrency mining, information stealing and proxy tunneling; it is notable for publishing backup command-and-control addresses in Bitcoin blockchain transactions so that the botnet survives takedowns.
- MetamorpherRAT - A remote access trojan (RAT) known for its ability to evade detection by changing its characteristics, making it challenging for security software to detect and remove.
- Nanocore - A remote access trojan (RAT) known for its robust feature set, including key-logging, remote desktop control, and file system manipulation, often used in cyber espionage and data theft campaigns.
- NETWire (NetWire) - A commercially sold, cross-platform RAT (Windows, macOS, Linux) with key-logging, webcam capture, credential theft and file system manipulation, widely delivered by phishing in espionage and data theft operations; its infrastructure was seized by law enforcement in March 2023.
- Quasar - An open-source .NET RAT with key-logging, remote desktop control, reverse proxy and file system manipulation; because the source is public it is constantly rebuilt and repurposed in targeted attacks.
- Remcos - A commercially sold "remote control" tool marketed by Breaking Security that functions as a RAT, offering remote desktop control, file management and surveillance capabilities; routinely delivered by phishing in targeted attacks.
- RevangeRAT (Revenge RAT) - A freely distributed .NET RAT with surveillance capabilities including key-logging, screen capture and webcam monitoring, often seen in cyber espionage operations.
- SectopRAT - A .NET RAT (also tracked as ArechClient) with key-logging, screen capture and remote desktop control; it is notable for launching a hidden second desktop on the victim machine to browse with the victim's sessions and credentials.
- WarzoneRAT - A RAT sold as malware-as-a-service (also known as Ave Maria) with key-logging, screen capture and remote desktop control; its domains and infrastructure were seized by law enforcement in February 2024.
- WSHRAT - A remote access trojan (RAT) named after its use of Windows Script Host (WSH) for execution, allowing attackers to gain unauthorized access to infected systems.
- XenorRat (XenoRAT) - An open-source C# RAT for Windows systems that lets attackers remotely control infected devices, steal data and execute commands.
- ZGRat - A remote access trojan (RAT) known for its surveillance capabilities, including key-logging, screen capture, and remote desktop control, often used in cyber espionage operations.
- Happy99 - Also known as Ska, the first widely reported email worm (1999): it arrives as Happy99.exe, shows a fireworks animation and then patches Winsock on Windows systems to attach itself to outgoing email and newsgroup posts.
- NJRAT - njRAT (also known as Bladabindi) is a widely distributed .NET remote access trojan designed to provide unauthorized access and control over infected systems; it is a different family from Nanocore, listed above.
- Cerber - A notorious ransomware known for encrypting files on infected computers and demanding payment in cryptocurrency for decryption.
- Cryptowall - A pervasive ransomware strain that encrypts files on infected machines and demands payment in cryptocurrency for decryption, causing significant data loss and financial damage.
- Djvu - The STOP/Djvu ransomware family, a prolific strain that encrypts files on compromised computers and demands payment in cryptocurrency for decryption; mostly distributed through fake software downloads, cracks and key generators.
- Jigsaw - A ransomware strain named after the antagonist in the movie "Saw," known for deleting files incrementally until a ransom is paid, aiming to pressure victims into payment.
- LockBit - A ransomware-as-a-service (RaaS) platform used by cybercriminals to encrypt files on infected systems and demand ransom payments for decryption keys.
- Locky - A notorious ransomware strain that gained notoriety for its large-scale distribution through spam emails containing malicious attachments, encrypting files on infected systems.
- Mamba - A ransomware variant (also known as HDDCryptor) that uses the open-source DiskCryptor driver to encrypt entire disks rather than individual files, leaving the machine unbootable and much harder to recover.
- Petrwrap - A ransomware built by a separate group on a patched copy of Petya, so it shares Petya's boot-sector and Master File Table encryption and renders infected systems inaccessible until a ransom is paid.
- Petya - A ransomware strain that, rather than encrypting individual files, overwrites the Master Boot Record and encrypts the NTFS Master File Table, rendering the whole disk inaccessible; originally spread through spam emails carrying links to booby-trapped job applications.
- NotPetya - A destructive 2017 wiper disguised as Petya-style ransomware: seeded through a trojanized update of the Ukrainian M.E.Doc accounting software, it spread inside networks with the EternalBlue SMB exploit and harvested credentials, causing billions in losses worldwide; its encryption was not designed to be reversible by paying.
- Radamant - A ransomware variant known for its encryption capabilities and targeted attacks against businesses and organizations, often demanding large ransom payments for decryption keys.
- Satana - A ransomware variant known for its destructive capabilities, encrypting files on infected systems and modifying the master boot record (MBR) to render the system unbootable until a ransom is paid.
- Sodinokibi - Also known as REvil, a ransomware-as-a-service (RaaS) platform whose affiliates encrypt files on infected systems, exfiltrate data and demand ransom payments for decryption keys.
- TearDrop - A malware variant known for its stealthy behavior and advanced evasion techniques, often used for data theft and espionage purposes.
- TeslaCrypt - A ransomware variant known for encrypting files on infected systems and demanding payment for decryption, often distributed through malicious email attachments and exploit kits.
- Thanos - A ransomware builder sold as ransomware-as-a-service (also tracked as Hakbit) that generates customized Windows payloads; it was the first to advertise the RIPlace technique for evading ransomware-protection features.
- WannaCry - A ransomware worm that spread globally in May 2017, encrypting files and demanding ransom payments for decryption, propagating between unpatched Windows systems with the EternalBlue exploit for the SMBv1 vulnerability fixed in MS17-010.
- WannaCryPlus - A variant or evolution of the original WannaCry ransomware, possibly featuring additional functionalities or modifications to its encryption techniques.
- GoldenEye - A 2016 variant of the Petya family that combines Petya's MBR/MFT encryption with the Mischa file-encrypting payload, so that it still encrypts files when it fails to gain the administrator rights needed to overwrite the boot sector.
- BadRabbit - An October 2017 ransomware that spread through drive-by downloads posing as an Adobe Flash Player update, then moved laterally over SMB with harvested credentials; it hit organizations mainly in Russia and Ukraine and shares code with NotPetya.
- Annabelle - A 2018 ransomware themed on the horror-film doll; besides encrypting files it tampers with Windows security settings and overwrites the MBR so the system will not boot normally.
- MonsterV1 - A destructive malware strain.
- MonsterV2 - A more advanced variant of MonsterV1.
- Pikachu - A malware strain known for its widespread infections.
- AgentTesla - A .NET keylogger and information stealer sold on a subscription basis that captures keystrokes, clipboard contents, screenshots and stored browser, email and VPN credentials, exfiltrating them over SMTP, FTP or Telegram.
- Akira - A malware strain primarily designed for stealing cryptocurrency wallets and credentials from infected devices.
- Amadey - A modular botnet loader: it profiles the infected host, reports to its panel and downloads further payloads (commonly information stealers), with optional plug-ins for credential theft; typically spread through phishing and cracked-software lures.
- BanLoad (Banload) - A downloader family used to fetch and install Brazilian banking trojans, which in turn steal online banking credentials and account details.
- Berbew - A Windows backdoor trojan that harvests stored and cached passwords and opens a remote access channel, historically aimed at online banking credentials.
- Blankgrabber - An open-source Python-based stealer that captures browser credentials, cookies, tokens and wallet data from infected devices and exfiltrates them through Discord webhooks.
- Coper - An Android banking trojan (later evolved into Octo) that abuses accessibility services to overlay banking apps, log keystrokes and steal credentials and card details.
- Dirdex (Dridex) - A banking trojan distributed through spam emails carrying macro-laden Office documents; it steals banking credentials through web injects and later served as a loader for ransomware.
- ICEDid (IcedID, also known as BokBot) - A modular banking trojan that evolved into an initial-access loader, stealing credentials via web injects and delivering follow-on payloads such as Cobalt Strike and ransomware; distributed mainly through phishing.
- Imminent (Imminent Monitor) - A commercially sold RAT with key-logging, webcam access and file management; marketed as administration software but widely used for unauthorized surveillance, its operator infrastructure was dismantled by law enforcement in 2019.
- Matiex - A trojan malware designed to steal sensitive information, such as login credentials and financial data, from infected systems, often distributed through phishing campaigns.
- Matsnu - A backdoor and downloader family that uses a domain generation algorithm to keep its command-and-control reachable while it fetches additional payloads.
- Pony - Also known as Fareit, a credential stealer and first-stage downloader that harvests stored passwords from browsers, email and FTP clients and cryptocurrency wallets, then installs further malware; the harvested credentials feed account takeover and identity theft.
- Pysilon - A Python-based RAT/stealer that uses Discord as its command-and-control channel to exfiltrate credentials and run commands; distributed through malicious downloads and email attachments.
- QakBot - Also known as Qbot, a banking trojan that grew into a persistent loader: it steals credentials and email, spreads through hijacked email threads and delivers follow-on payloads such as Cobalt Strike and ransomware; its infrastructure was disrupted by law enforcement in August 2023.
- QNodeService - A Node.js-based trojan, first seen in COVID-19 themed phishing in 2020, that steals credentials and gives the operator remote access to the infected system.
- Rex - A trojan malware known for its ability to steal sensitive information from infected systems, such as login credentials and financial data, often distributed through phishing campaigns and malicious downloads.
- StealC - A data-stealing malware variant focused on capturing sensitive information, such as login credentials and financial data, from infected systems, often distributed through malicious websites and phishing emails.
- Yunsip - A trojan malware designed to steal sensitive information from infected systems, such as login credentials and financial data, often distributed through phishing campaigns and malicious downloads.
- Magistr - A 2001 polymorphic mass-mailing virus that spreads via email attachments and network shares and carries a destructive payload that overwrites the hard disk and attempts to corrupt the BIOS/CMOS.
- Bonzify - A trojan horse that infiltrates systems covertly and performs harmful actions on the infected host.
- 000 - A malware sample whose family is not further identified here; handle it with the same care as the rest.
- Madal - A trojan that infiltrates systems through deceptive means such as email attachments, software downloads or compromised websites.
- FakeAV - FakeAV, also known as Rogue Antivirus, deceives users into believing their systems are infected with malicious software and pressures them into paying for a bogus "cleanup" product.
Contributions to this repository are welcome! If you have additional malware samples to share, please submit a pull request with the necessary information and password-protected archive files (use the same "infected" password as the rest of the repository).
The samples provided in this repository are for educational and research purposes only. The maintainer and contributors of this repository are not responsible for any misuse or damage caused by these samples. Use at your own risk.
Remember: Stay safe and ethical in your research and analysis endeavors!