Below is a list of all malicious and benign files we used in our analysis. This data came from the Stratosphere website and can be accessed here. The repository contains over 150 botnet traffic samples and dozens of normal traffic samples. We pulled data from 8 botnet families and used multiple normal samples. The indices shown below are abbreviated versions of the directory names on the website.

Malicious traffic directories are named `CTU-Malware-Capture-Botnet_{f_index}`.

Normal traffic directories are named `CTU-Normal_{f_index}`.

| File Index | Type |
|---|---|
| 140-1 | Bunitu |
| 140-2 | Bunitu |
| 141-1 | Bunitu |
| 141-2 | Bunitu |
| 153-1 | Dridex |
| 227-1 | Dridex |
| 228-1 | Dridex |
| 246-1 | Dridex |
| 248-1 | Dridex |
| 249-1 | Dridex |
| 128-1 | Miuref |
| 128-2 | Miuref |
| 169-1 | Miuref |
| 169-2 | Miuref |
| 169-3 | Miuref |
| 143-1 | Upatre |
| 162-1 | Upatre |
| 162-2 | Upatre |
| 238-1 | Trickbot |
| 239-1 | Trickbot |
| 240-1 | Trickbot |
| 241-1 | Trickbot |
| 242-1 | Trickbot |
| 243-1 | Trickbot |
| 244-1 | Trickbot |
| 247-1 | Trickbot |
| 176-1 | Necurs |
| 7 | Normal |
| 12 | Normal |
| 2 | Normal |
| 21 | Normal |
| 22 | Normal |
| 23 | Normal |
| 78-1 | Zeus |
| 78-2 | Zeus |
| 91 | Conficker |