Malware Samples for Students

Where are aspiring cybersecurity professionals able to collect malware samples to practice their reverse engineering and cyber defense techniques? You can run a honeypot, download samples from known malicious URLs on current blacklists, or skip the data collection steps and get samples directly from a variety of large repositories.

References

• Blog posts by Lenny Zeltser
  • Malware Sample Sources for Researchers
  • How to Share Malware Samples With Other Researchers
  • Specialized Honeypots for SSH, Web and Malware Attacks
  • Blacklists of Suspected Malicious IPs and URLs
  • Free Automated Malware Analysis Sandboxes and Services
  • Free Toolkits for Automating Malware Analysis
  • Free Online Tools for Looking up Potentially Malicious Websites
  • Lenny Zeltser is CISO at Axonius. An expert in incident response and malware defense, he is also a developer of Remnux: A Linux Toolkit for Reverse-Engineering and Analyzing Malware

Malware Repositories

(Last tested: January 2022)

• VirusShare: https://virusshare.com/
  • Requires login (free)
  • ZIP password is “infected"
  • Run by J Michael Roberts, Vice President - Incident Response at Stroz Friedberg
• Contagio: http://contagiodump.blogspot.com/
  • Requires password (free)
  • Run by Mila Parkour, malware researcher at Deep End Research
  • Related blog: http://contagiominidump.blogspot.com/
• The Zoo: http://thezoo.morirt.com/ / https://github.com/ytisf/theZoo
  • Curated repository of malware available in a single download
  • Look in malwares/Binaries subdirectory
  • ZIP password is “infected"
• Malshare: https://malshare.com
  • Immediate access - register to get an API key allowing download of 1000 samples/day
  • Founded by Silas Cutler - https://twitter.com/silascutler
• Das Malwerk: http://dasmalwerk.eu/
  • Immediate access
  • ZIP password is “infected”
• Virusign: http://www.virusign.com/ (Offline as-of Jan 2022)