Ransomware PCAP repository

This is a repository of PCAP files obtained by executing ransomware binaries and capturing the network traffic created when encrypting a set of files shared from an SMB server. There are 94 samples from 32 different ransomware families downloaded from malware-traffic-analysis and hybrid-analysis. There is a link to an info page for each sample, offering some information about the sample and about the scenario where it ran ('More info' column in the table).

You can download 10% of the packets from each traffic trace for free. If you find it useful and you want to download the whole samples, we ask for your e-mail and institution name, in order to keep a record of hoy many people are interested in these files. This helps us to keep this repository up and include more samples (as it proves that it is interesting for the community). We do not send you any kind of spam. We will only send you a link to download the full pcap files. In order to refer to this repository please include the link in your paper, cite the repository shared in IEEE dataPort (here) and/or cite this paper in which the repository is explained in more detail

We also offer a text file containing a description of all the input/output operations that appear in the SMB traffic. We had to create our own software in order to extract this information from large pcap files.

Click here for detailed information about the capture scenario, the I/O operations files and the DNS and HTTP traffic files.

Click here for more information about the authors and papers written by them. Please, cite some of these papers if you find useful this repository for your research.

For more information about this repository, please contact to: eduardo.berrueta@unavarra.es (More info about him)