Malware samples I have found & investigated in the wild; not pulled from other sources. (Most of these come from intercepted corporate phishing campaigns that I found interesting.)
My own writeups are available for each of these, but I encourage you to investigate each sample yourself first.
If I missed something in my writeups:
Please open an Issue, insult me, and then show me your interesting findings - I enjoy learning new things.
Each Sample will have a designated folder, denoted by a super awesome name I choose representing each campaign.
For campaigns about which little/nothing is known (either due to dead C2s, repeat-visit filtration, I got bored, etc.), the folder name will begin with "Anon" after my category numbering.
If you would like a brief overview of what each sample does, what language it is written in, or other basic info, see the Library's Index!
- The master folder will contain the following:
  - My writeup
  - Tl;dr synopsis (delivery vector, objective, notes, etc.)
  - Archive containing the payload/live malicious binary.
    - The live-payload archive will be denoted "[MonthYear] - [MD5 Hash]"
    - Archive password: "infected"
    - Content within this zip archive exists as it was originally received. Original filenames, hashes, etc. are preserved.
    - I will add "ap-"-prefixed files in the live-payload archive for "analyst-provided" accompanying media (e.g. an email from the threat actor supplying the password of a zip archive). If there are many of these, they will be placed inside a folder with this prefix.
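As an added example (not part of this repository's own tooling), here is a small Python helper an analyst could use to check a live-payload archive against the conventions above without ever writing the malicious binary to disk: it parses the "[MonthYear] - [MD5 Hash]" name, opens the zip in memory with the password "infected", skips "ap-"-prefixed analyst-provided media, and confirms that one member's MD5 matches the hash in the filename. It assumes the hash in the name is the MD5 of the live payload inside the archive and that the archive uses classic ZipCrypto (which Python's `zipfile` can read; AES-encrypted zips would need a third-party library); the `[MonthYear]` pattern is treated loosely as letters/digits followed by a four-digit year. The sample archive it builds is constructed and harmless.

```python
import hashlib
import io
import re
import zipfile

# Naming convention from the README: "[MonthYear] - [MD5 Hash]".
# Assumption: MonthYear is letters/digits ending in a 4-digit year (e.g. "Jan2024").
ARCHIVE_NAME_RE = re.compile(
    r"^(?P<when>[A-Za-z0-9]*\d{4}) - (?P<md5>[0-9a-fA-F]{32})\.zip$"
)
ARCHIVE_PASSWORD = b"infected"   # password stated in the README
ANALYST_PREFIX = "ap-"           # analyst-provided media, not part of the original sample


def parse_archive_name(name):
    """Return (month_year, md5_lowercase) or None if the name breaks the convention."""
    m = ARCHIVE_NAME_RE.match(name)
    if not m:
        return None
    return m.group("when"), m.group("md5").lower()


def verify_archive(name, data, password=ARCHIVE_PASSWORD):
    """Check an archive (given as bytes, never extracted to disk) against its name.

    Returns a report with: ok (bool), expected_md5, per-member digests,
    the list of analyst-provided members, and the member that matched.
    """
    parsed = parse_archive_name(name)
    if parsed is None:
        return {"ok": False, "reason": "name does not follow '[MonthYear] - [MD5 Hash].zip'"}
    _, expected = parsed
    report = {"ok": False, "expected_md5": expected, "members": {}, "analyst_media": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            basename = info.filename.rsplit("/", 1)[-1]
            # "ap-" files or folders are the analyst's additions; they are not the payload.
            if basename.startswith(ANALYST_PREFIX) or info.filename.startswith(ANALYST_PREFIX):
                report["analyst_media"].append(info.filename)
                continue
            # Read into memory only; the bytes are hashed and discarded.
            digest = hashlib.md5(zf.read(info, pwd=password)).hexdigest()
            report["members"][info.filename] = digest
            if digest == expected:
                report["ok"] = True
                report["payload"] = info.filename
    return report


def build_constructed_sample():
    """Build a constructed, harmless archive in memory that follows the naming scheme.

    Note: zipfile cannot write password-protected archives, so this sample is
    unencrypted; the pwd argument is simply ignored for unencrypted entries.
    """
    payload = b"constructed placeholder payload, not real malware\n"
    md5 = hashlib.md5(payload).hexdigest()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.exe", payload)                      # original filename preserved
        zf.writestr("ap-phish-email.eml", b"constructed lure")   # analyst-provided media
    return f"Jan2024 - {md5}.zip", buf.getvalue()


if __name__ == "__main__":
    name, data = build_constructed_sample()
    print(name, verify_archive(name, data))
```

A mismatch between the filename hash and every non-"ap-" member usually means the archive was re-packed or the payload was modified after naming, which is exactly the provenance drift this check is meant to catch before a sample is trusted for analysis.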