Ecosyste.ms: Awesome


https://github.com/inquest/malware-samples

A collection of malware samples and relevant dissection information, most probably referenced from http://blog.inquest.net
https://github.com/inquest/malware-samples

malware malware-analysis malware-research malware-samples


# malware-samples
A collection of malware samples and relevant dissection information, most probably referenced from http://blog.inquest.net or https://twitter.com/inquest. Be sure to also check out the Deep File Inspection (DFI) portion of https://labs.inquest.net for an interactive searchable interface to a large corpus (>500K) of downloadable malware lures.

* [CVE-2018-4878-Adobe-Flash-DRM-UAF-0day](http://blog.inquest.net/blog/2018/02/07/cve-2018-4878-adobe-flash-0day-itw/)
  * 14c58e38... Carrier: Microsoft Excel 2007+ [XLSX](https://github.com/InQuest/malware-samples/blob/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day/xlsx-14c58e3894258c54e12d52d0fba0aafa258222ce9223a1fdc8a946fd169d8a12), [JSON VT Report](https://github.com/InQuest/malware-samples/blob/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day/xlsx-14c58e3894258c54e12d52d0fba0aafa258222ce9223a1fdc8a946fd169d8a12.report)
  * 3b1395f6... Carrier: Composite Document File V2 Document [DOC](https://github.com/InQuest/malware-samples/blob/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day/doc-3b1395f620e428c5f68c6497a2338da0c4f749feb64e8f12e4c5b1288cc57a1c), [JSON VT Report](https://github.com/InQuest/malware-samples/blob/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day/doc-3b1395f620e428c5f68c6497a2338da0c4f749feb64e8f12e4c5b1288cc57a1c.report)
  * 88d7aa16... Stage-1: Macromedia Flash data, version 32 [SWF](https://github.com/InQuest/malware-samples/blob/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day/swf-88d7aa1612756e2e70e4972d3f6a80517515f5274b38d4601357f954e207f294), [JSON VT Report](https://github.com/InQuest/malware-samples/blob/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day/swf-88d7aa1612756e2e70e4972d3f6a80517515f5274b38d4601357f954e207f294.report), [Decompiled ActionScript](https://github.com/InQuest/malware-samples/tree/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day/swf-88d7aa1612756e2e70e4972d3f6a80517515f5274b38d4601357f954e207f294-dfi)
  * 1a326925... Stage-2: (0day) Macromedia Flash data (compressed), version 32 [SWF](https://github.com/InQuest/malware-samples/blob/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day/swf-1a3269253784f76e3480e4b3de312dfee878f99045ccfd2231acb5ba57d8ed0d), [JSON VT Report](https://github.com/InQuest/malware-samples/blob/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day/swf-1a3269253784f76e3480e4b3de312dfee878f99045ccfd2231acb5ba57d8ed0d.report), [Decompiled ActionScript](https://github.com/InQuest/malware-samples/tree/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day/swf-1a3269253784f76e3480e4b3de312dfee878f99045ccfd2231acb5ba57d8ed0d-dfi)
  * e1546323... Payload: (ROKRAT) PE32 executable (GUI) Intel 80386, for MS Windows [PE](https://github.com/InQuest/malware-samples/blob/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day/pe-e1546323dc746ed2f7a5c973dcecc79b014b68bdd8a6230239283b4f775f4bbd), [JSON VT Report](https://github.com/InQuest/malware-samples/blob/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day/pe-e1546323dc746ed2f7a5c973dcecc79b014b68bdd8a6230239283b4f775f4bbd.report)
* [2018-04-GandCrab-Swarm](http://blog.inquest.net/blog/2018/04/17/gandcrab-swarm/)
  * Document Carrier: [DOC](https://github.com/InQuest/malware-samples/blob/master/2018-04-GandCrab-Swarm/99eb1d90eb5f0d012f35fcc2a7dedd2229312794354843637ebb7f40b74d0809/99eb1d90eb5f0d012f35fcc2a7dedd2229312794354843637ebb7f40b74d0809.doc)
  * Document Dropper Macro: [VBA](https://github.com/InQuest/malware-samples/blob/master/2018-04-GandCrab-Swarm/99eb1d90eb5f0d012f35fcc2a7dedd2229312794354843637ebb7f40b74d0809/99eb1d90eb5f0d012f35fcc2a7dedd2229312794354843637ebb7f40b74d0809.macro)
  * Additional Extracted Macros: [VBAs](https://github.com/InQuest/malware-samples/tree/master/2018-04-GandCrab-Swarm/dropper-macros)
  * Obfuscated JavaScript payloads: [JS](https://github.com/InQuest/malware-samples/tree/master/2018-04-GandCrab-Swarm/dropper-javascript)
* [2018-05-Agent-Tesla-Open-Directory](https://inquest.net/2018/05/22/field-notes-agent-tesla-open-directory)
  * Agent Tesla Payload 1: [EXE](https://github.com/InQuest/malware-samples/blob/master/2018-05-Agent-Tesla-Open-Directory/agent-tesla/0abb52b3e0c08d5e3713747746b019692a05c5ab8783fd99b1300f11ea59b1c9)
  * Agent Tesla Payload 2: [EXE](https://github.com/InQuest/malware-samples/blob/master/2018-05-Agent-Tesla-Open-Directory/agent-tesla/e10a98e2aa34d0ed7f5cf78717efdc809d3084bd7ca29f3a5905a3c1a22ae118)
  * Agent Tesla Payload 3: [EXE](https://github.com/InQuest/malware-samples/blob/master/2018-05-Agent-Tesla-Open-Directory/agent-tesla/cdae984bddb747f11d7d3a8708fd7e3bcaa4c295d3441899a33b4ae9f6db5aba)
  * Web Panel: [ZIP](https://github.com/InQuest/malware-samples/blob/master/2018-05-Agent-Tesla-Open-Directory/web-panel/7f131248a23e3a8ee00753941f31479f72bb6284f01fb572459654306c6c26fd)
* 2018-05-22 [Interesting Macro Obfuscation](https://twitter.com/InQuest/status/999099472255836160)
  * [26de80e3bbbe1f053da4131ca7a405644b7443356ec97d48517f1ab86d5f1ca5.doc](https://github.com/InQuest/malware-samples/blob/master/miscellaneous/26de80e3bbbe1f053da4131ca7a405644b7443356ec97d48517f1ab86d5f1ca5)
  * [26de80e3bbbe1f053da4131ca7a405644b7443356ec97d48517f1ab86d5f1ca5.macro](https://github.com/InQuest/malware-samples/blob/master/miscellaneous/26de80e3bbbe1f053da4131ca7a405644b7443356ec97d48517f1ab86d5f1ca5.macro)
  * [26de80e3bbbe1f053da4131ca7a405644b7443356ec97d48517f1ab86d5f1ca5.related](https://github.com/InQuest/malware-samples/blob/master/miscellaneous/26de80e3bbbe1f053da4131ca7a405644b7443356ec97d48517f1ab86d5f1ca5.related) (769 related hashes)
* 2018-08 Hidden Bee Elements
  * [11310b509f8bf86daa5577758e9d1eb5](https://github.com/InQuest/malware-samples/blob/master/2018-08-Hidden-Bee-Elements/11310b509f8bf86daa5577758e9d1eb5)
  * [b3eb576e02849218867caefaa0412ccd](https://github.com/InQuest/malware-samples/blob/master/2018-08-Hidden-Bee-Elements/b3eb576e02849218867caefaa0412ccd)
* [2019-01 Malicious Excel XLM Macros](http://blog.inquest.net/blog/2019/01/29/Carving-Sneaky-XLM-Files/)
  * [98e4695eb06b12221f09956c4ee465ca5b50f20c0a5dc0550cad02d1d7131526.xlm](https://github.com/InQuest/malware-samples/raw/master/2019-01-15-Mal-Excel-Doc-Macrosheet/98e4695eb06b12221f09956c4ee465ca5b50f20c0a5dc0550cad02d1d7131526)
  * [a5bc8c8b89177f961aa5c0413716cb94b753efbea1a1ec9061be53b1be5cd36a.msi](https://github.com/InQuest/malware-samples/raw/master/2019-01-15-Mal-Excel-Doc-Macrosheet/stage-2-msi/a5bc8c8b89177f961aa5c0413716cb94b753efbea1a1ec9061be53b1be5cd36a)
  * [c354467ec5d323fecf94d33bc05eab65f90a916c39137d2b751b0e637ca5a3e4.exe](https://github.com/InQuest/malware-samples/raw/master/2019-01-15-Mal-Excel-Doc-Macrosheet/stage-3-exe/c354467ec5d323fecf94d33bc05eab65f90a916c39137d2b751b0e637ca5a3e4)
  * [8a5041d41c552c5df95e4a18de4c343e5ac54845e275262e99a3a6e1a639f5d4.vbs](https://raw.githubusercontent.com/InQuest/malware-samples/master/2019-01-15-Mal-Excel-Doc-Macrosheet/stage-4-vbs/8a5041d41c552c5df95e4a18de4c343e5ac54845e275262e99a3a6e1a639f5d4)
  * [91237a76e43caa35e3fbd42d47fbaca5d6b5ea7a96c89341196d070b628122ce.bat](https://github.com/InQuest/malware-samples/blob/master/2019-01-15-Mal-Excel-Doc-Macrosheet/stage-5-bat/91237a76e43caa35e3fbd42d47fbaca5d6b5ea7a96c89341196d070b628122ce)
  * [79a56ca8a7fdeed1f09466af66c24ddef5ef97ac026297f4ea32db6e01a81190.dll](https://github.com/InQuest/malware-samples/raw/master/2019-01-15-Mal-Excel-Doc-Macrosheet/stage-6-dll/79a56ca8a7fdeed1f09466af66c24ddef5ef97ac026297f4ea32db6e01a81190)
* [2019-03 Sophisticated PowerShell Script (Dropping URLZone)](http://blog.inquest.net/blog/2019/03/09/Analyzing-Sophisticated-PowerShell-Targeting-Japan/)
  * [945a1276860fc4904ca23ed86b22e1782cd5761bc6c47f1cf331d9ae02cde0db.ps1](https://raw.githubusercontent.com/InQuest/malware-samples/master/2019-03-PowerShell-Obfuscation-Encryption-Steganography/945a1276860fc4904ca23ed86b22e1782cd5761bc6c47f1cf331d9ae02cde0db.bin)
  * [6847b98f36e96c3d967524811409e164746bea5ae021d44fbd6c7bfefe072582.dll](https://github.com/InQuest/malware-samples/raw/master/2019-03-PowerShell-Obfuscation-Encryption-Steganography/9.a.%20embedded%20in%20stage8.dll.bin)
  * [6badf0748ca6cbd4a1f1175dbb8a6dbbee1656c7086378418e1397bce025aa60.exe](https://github.com/InQuest/malware-samples/raw/powershell-japan/2019-03-PowerShell-Obfuscation-Encryption-Steganography/15.b.%20pe.bin)
* [2019-07 Base64 Encoded Powershell Pivots](https://inquest.net/blog/2019/07/19/base64-encoded-powershell-pivots)
  * [PEM](https://github.com/InQuest/malware-samples/blob/master/2019-07-Base64-Encoded-Powershell-Directives/769ba6ae91bbe410f03a5461e103bd8eecfda95ac86acdac4ac88d08df0b29bd)
  * [LNK](https://github.com/InQuest/malware-samples/blob/master/2019-07-Base64-Encoded-Powershell-Directives/e5a940f242ab764c83f0b98bb17c1804a3d7d57583457e1d8aaa64032dc49caa)
  * [JPG](https://github.com/InQuest/malware-samples/blob/master/2019-07-Base64-Encoded-Powershell-Directives/4148ec78d1c283d55e90fd515f200148dba0eba5d4a51e1b49d46ee0072d587b)
  * [others...](https://github.com/InQuest/malware-samples/tree/master/2019-07-Base64-Encoded-Powershell-Directives)
* [2020-05 Zloader 4.0 Macrosheet Evolution](https://inquest.net/blog/2020/05/06/ZLoader-4.0-Macrosheets-Evolution)
  * [GitHub Hosted Samples and Macrosheet Extractions](https://github.com/InQuest/malware-samples/tree/master/2020-05-ZLoader-Evolution)
  * [InQuest Labs Samples by Heuristic Match](https://labs.inquest.net/dfi/search/alert/Macrosheet%20CHAR%20Obfuscation)
* [2020-07 Tale of a Polished Carrier](https://inquest.net/blog/2020/07/27/Tale-of-a-Polished-Carrier)
  * [GitHub Hosted Samples and Embedded File Extractions](https://github.com/InQuest/malware-samples/tree/master/2020-07-GlobalSign)
* [2023-06 Mystic Stealer: The New Kid on the Block](https://inquest.net/blog/2023/06/15/mystic-stealer-new-kid-block)
  * [GitHub Hosted Samples](https://github.com/InQuest/malware-samples/tree/master/2023-06-MysticStealer)
* [2024-01 Shortcut To Malice: URL Files](https://inquest.net/blog/shortcut-to-malice-url-files/)
  * [GitHub Hosted Samples](https://github.com/InQuest/malware-samples/tree/master/2024-01-URL-Files)

# Additional Sources

*Some additional GitHub repositories to explore for those curious to gather more public domain samples.*

* [ytisf/theZoo](https://github.com/ytisf/theZoo) - Live samples with binaries and source code.
* [fabrimagic72/malware-samples](https://github.com/fabrimagic72/malware-samples) - Samples collected with honeypots.
* [HynekPetrak/javascript-malware-collection](https://github.com/HynekPetrak/javascript-malware-collection) - Large collection of malicious JavaScript samples.
* [wolfvan/some-samples](https://github.com/wolfvan/some-samples) - Large collection of samples captured with honeypots.
* [0x48piraj/MalWAReX](https://github.com/0x48piraj/MalWAReX) - Remote Access Trojan (RAT) samples.
* [drbeni/malquarium](https://github.com/drbeni/malquarium) - Web based malware repository, samples available at https://malquarium.org/.
* [mstfknn/malware-sample-library](https://github.com/mstfknn/malware-sample-library) - Malware samples, derived from https://iec56w4ibovnb4wc.onion.si/.
* [RamadhanAmizudin/malware](https://github.com/RamadhanAmizudin/malware) - Malware source and binaries, most from http://www.malwaretech.com/.