https://github.com/kasuncsb/live-malware-db

A collection of latest malware samples
https://github.com/kasuncsb/live-malware-db

malware malware-analysis malware-research malware-sample

Last synced: 25 days ago
JSON representation

A collection of latest malware samples

• Host: GitHub
• URL: https://github.com/kasuncsb/live-malware-db
• Owner: KasunCSB
• License: mit
• Created: 2026-02-06T06:54:49.000Z (3 months ago)
• Default Branch: main
• Last Pushed: 2026-02-28T10:31:16.000Z (about 2 months ago)
• Last Synced: 2026-02-28T15:15:57.906Z (about 2 months ago)
• Topics: malware, malware-analysis, malware-research, malware-sample
• Language: Python
• Homepage:
• Size: 1.99 GB
• Stars: 1
• Watchers: 0
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          


  



Live Malware Database




  Curated collection of malware samples for security research and threat analysis





  

  

  

  



---

**DISCLAIMER**: This repository contains live malware samples intended exclusively for security research, malware analysis, and educational purposes. By accessing this repository, you agree to the [Terms of Use](TERMS_OF_USE.md). The maintainers assume no liability for misuse.

---

## About

This is a curated collection of live malware samples actively seen in current threat environments. From a large pool of malware samples, specific criteria are used to select only fresh and verified samples - the rest are filtered out. This approach ensures quality over quantity, giving researchers actual current threats rather than historical malware. It supports antivirus detection testing, malware behavior analysis, threat research, and understanding how threat actors are evolving.

The repository cycles monthly: clone to get current month's samples, and at month-end samples are archived to releases and the repository is refreshed. This keeps the main repository focused on latest threats while maintaining historical archives for further analysis.

## Recent Additions

| Family | Verdict | OS | SHA-256 | Discovered | VT |

|--------|---------|-----|--------|------------|----|

| Mirai | HEUR:Backdoor.Linux.Mirai.ew | Linux | [54a790f11f64b2f4a0649f61acd006cefe63147c6d4c122bcbe732fa4c49e320](Binaries/Mirai/HEUR-Backdoor.Linux.Mirai.ew/y) | 40m ago | link |

| Mirai | HEUR:Backdoor.Linux.Mirai.ew | Linux | [0788c1c249cb3ed3c96f76062f1bfe0091899b3bef78160eb55a8c8014ab4f0e](Binaries/Mirai/HEUR-Backdoor.Linux.Mirai.ew/x) | 41m ago | link |

| Mirai | HEUR:Backdoor.Linux.Mirai.ew | Linux | [52817af1b60452736b419cfc629f3e2c493ca07b952093c0817be6f118dbabf1](Binaries/Mirai/HEUR-Backdoor.Linux.Mirai.ew/w) | 42m ago | link |

| Mirai | HEUR:Backdoor.Linux.Mirai.ew | Linux | [31af34400c260dbb02de00f976709cce410de17dbc66123cfb11f42f4a3beb08](Binaries/Mirai/HEUR-Backdoor.Linux.Mirai.ew/v) | 42m ago | link |

| Mirai | HEUR:Backdoor.Linux.Mirai.ew | Linux | [c406e9185645c7a40319fabc9b021021a9acffb2ec23253ec38f161be4fc1d20](Binaries/Mirai/HEUR-Backdoor.Linux.Mirai.ew/u) | 43m ago | link |

| Mirai | HEUR:Backdoor.Linux.Mirai.ew | Linux | [c9f1e6d5cb31e4efd65a5a3680df0badfda61bb4646c1af0ded9b9e13836c47b](Binaries/Mirai/HEUR-Backdoor.Linux.Mirai.ew/t) | 43m ago | link |

| Mirai | HEUR:Backdoor.Linux.Mirai.ew | Linux | [a5d3b14ed9482a0c4947dcbcc206c40cee0ceddd0e80985a4be045eaf2fab7c6](Binaries/Mirai/HEUR-Backdoor.Linux.Mirai.ew/s) | 43m ago | link |

| Unknown | HEUR:Trojan-Downloader.Shell.Agent.p | Linux | [8b9ea0ab6d318a0bf0e90a2d12c9b2a23d3f242f1b081464e4721fbc12b1ec11](Binaries/Unknown/HEUR-Trojan-Downloader.Shell.Agent.p/ap) | 44m ago | link |

| Mirai | HEUR:Trojan-Downloader.Shell.Agent.p | Linux | [24d4f12d88d5d787dffe22d0fb215e00e5f23ae9c9e6702d7aa4da518f93a2f1](Binaries/Mirai/HEUR-Trojan-Downloader.Shell.Agent.p/ba) | 44m ago | link |

| Mirai | HEUR:Backdoor.Linux.Mirai.ba | Linux | [2e6c6f5a0532054eea876c6d225f1e70d8d24d9952d6aecef799cb6948bc9c0a](Binaries/Mirai/HEUR-Backdoor.Linux.Mirai.ba/br) | 46m ago | link |

| Unknown | HEUR:Trojan-Downloader.Shell.Agent.bc | Linux | [d51ef350ddbc990d6ca77d90b69a3fc7b959f921abc20423268aeefa7e2c92e3](Binaries/Unknown/HEUR-Trojan-Downloader.Shell.Agent.bc/m) | 46m ago | link |

| SpyNote | HEUR:Trojan-Spy.AndroidOS.SpyNote.bv | Android | [2b6d20746ed11f62b35a7c29d1912de18248e9e10247c29a6ee0929877a57d77](Binaries/SpyNote/HEUR-Trojan-Spy.AndroidOS.SpyNote.bv/b) | 47m ago | link |

| SpyNote | HEUR:Trojan-Spy.AndroidOS.SpyNote.bv | Android | [ad02db22949f80c2981ae59813672c44d339eb94dfdd4e01ff329470cdd9230e](Binaries/SpyNote/HEUR-Trojan-Spy.AndroidOS.SpyNote.bv/a) | 47m ago | link |

| SpyNote | HEUR:Trojan-Spy.AndroidOS.SpyNote.dk | Android | [6c1aeaeb5786f3632f0a02356b26bdde2ccf77e1e8c6d3f8f6b88e9458f7839f](Binaries/SpyNote/HEUR-Trojan-Spy.AndroidOS.SpyNote.dk/c) | 48m ago | link |

| SpyNote | HEUR:Trojan-Spy.AndroidOS.SpyNote.dk | Android | [9aafbc143c66661609f34c483a85015f30f7da2a38f375d9e10c8eeadc6cb5da](Binaries/SpyNote/HEUR-Trojan-Spy.AndroidOS.SpyNote.dk/b) | 48m ago | link |

| SpyNote | HEUR:Trojan-Spy.AndroidOS.SpyNote.dk | Android | [deb2cc80a190e73d81758b738bac4e8f0f116b587b07d65ddc8b668f0b89b0bb](Binaries/SpyNote/HEUR-Trojan-Spy.AndroidOS.SpyNote.dk/a) | 48m ago | link |

| ConnectWise | not-a-virus:HEUR:RemoteAdmin.Win32.Conne | Windows | [9c71fca90904adceac3477b5c5a85cbdd3d5b4c4c64bee96730ed68d17441048](Binaries/ConnectWise/not-a-virus-HEUR-RemoteAdmin.Win32.ConnectWise.gen/ac) | 49m ago | link |

| Mirai | HEUR:Backdoor.Linux.Mirai.r | Linux | [be75c36a98af6797dfee6a7cde7b0547b460bae66bc8f37a8a949a91b433cb0b](Binaries/Mirai/HEUR-Backdoor.Linux.Mirai.r/cv) | 50m ago | link |

| Mirai | HEUR:Backdoor.Linux.Mirai.r | Linux | [a6f5c3ec37d0b63b6d17d93f2b9b5c1c17326191fc83779e436ff3b1ad27d748](Binaries/Mirai/HEUR-Backdoor.Linux.Mirai.r/cu) | 50m ago | link |

| Mirai | HEUR:Backdoor.Linux.Mirai.r | Linux | [f56a8b969702c6e14fd6be7fa8b680273814c41410525cf514664d097554bc91](Binaries/Mirai/HEUR-Backdoor.Linux.Mirai.r/ct) | 51m ago | link |

## Repository Structure

```

Binaries/

└── /

    └── /

        └── /

            ├── .zip

            └── .json

```

**ZIP Password**: `infected`

## Access

**Individual Samples**: Browse the `Binaries` directory.  

**Monthly Archives**: Download complete monthly datasets from [Releases](../../releases) as compressed tarballs.

## License

See [LICENSE](LICENSE) file for details.

> **IMPORTANT NOTICE**: This license applies ONLY to the repository structure, documentation, and associated tooling. It does NOT apply to the malware samples contained within. Malware samples are provided solely for educational purposes and use of them is at your own risk.