We, as malware analysts, are always in need for new samples to analyze in order to learn, train or develop new techniques and defenses. One of the most common question I get is “Where to find malware to analyze?” so I’m sharing here my private collection of repositories, databases and lists which I use on a daily basis. Some of them are updated frequently and some of them are not. The short description under each link wasn’t written by me, it was written by the owners of the repositories.
If you want to add another resource to the list please inform me in the comments.
Please, be careful when using these sites. Almost all of them contain malicious files. Use with caution!
theZoo is a project created to make the possibility of malware analysis open and available to the public.
Open Malware Project by Danny Quis
Contagio is a collection of the latest malware samples, threats, observations, and analyses.
Free malware analysis service powered by Payload Security. Using this service you can submit files for in-depth static and dynamic analysis. You can also download samples from analysis submitted by others.
AVCaesar is a malware analysis engine and repository, developed by malware.lu
DAS MALWERK collects executable malware from all kinds of shady places on the internet
An active community devoted to malware analysis and kernel development
The MalShare Project is a collaborative effort to create a community driven public malware repository that works to build additional tools to benefit the security community at large.
— Itay Cohen (@Megabeets_Blog) October 12, 2016
Repository of Malware URLs and Samples
Malwr is a free malware analysis service and community launched in January 2011. You can submit files to it and receive the results of a complete dynamic analysis back. You can also download samples from analysis submitted by others.
Virusign downloads malware and sort files in order of relevance, for researchers to download samples and analyze them to create new signatures.
A repository of malware samples to provide security researchers, incident responders, forensic analysts, and the morbidly curious access to samples of malicious code.
Malwarebytes Research Center
Forums to post new threats and urls
Mobile Malware (Google Group)
A mailing list for researching mobile malware. This group allows material related to new mobile malware samples, analysis, new techniques, questions pertaining to the field, and other related material.
Repository of french team called MAD (Malware Analysis & Diagnostic)
Malekal’s collection of malware
An updated database of domains hosting malicious executables.
S!Ri.URZ Collection of malware and urls
Providing access to database which contains data such as: URL, MD5, IP, TLD, etc
Sucuri Malware Labs
Latest findings that Sucuri Labs seeing in the “wild”
ZeuS Tracker provides you the possiblity to track ZeuS Command&Control servers (C&C) and malicious hosts which are hosting ZeuS files.
A list of Feodo botnet C&C servers tracked by Feodo Tracker.
Lists the C&C panels of certain in-the-wild botnets.
Again, please be careful when using these sites. Almost all of them contain malicious files. Use with caution!