This is a project created to make it easier for malware analysts to find virus samples for analysis, research, reverse engineering, or review. Malware can be tricky to find, much less having a solid understanding of all the possible places to find it, This is a living repository where we have attempted to document as many resources as possible in order to make your job easier. Please be sure to exercise EXTREME CAUTION when handling these files because as you well know, they have been designed and developed with malicious intent by their original authors. We believe in transparency and helping the good guys have the right access and tools they need to rip these malicious files apart.
We welcome all requests and contributions!
Please remember that these are live and dangerous malware! Do NOT run them unless you are absolutely sure of what you are doing! They are to be used only for educational purposes only. !!!
We highly recommend reviewing these files in a pristine sandboxed environment or in a dedicated Virtual Machine that has no Internet access. If you are not careful, you will infect yourself or others with dangerous malware!!!
The following repositories are the easiest to get started with because they require no registration or special access. You can simply go to the website and download a file immidateily.
| Name | URL | Description |
|---|---|---|
| Malware Feed | https://github.com/MalwareSamples/Malware-Feed | Collection of malware recently developed organized by Threat Reports from CISA, FBI, Antivirus companies and others. Designed to make it easier to find samples tied to a given alert notice or publication. |
| The Zoo | https://github.com/ytisf/theZoo | Organized Collection by Family spanning a few years. Also known as "Malware DB" https://thezoo.morirt.com. |
| Malware Samples | https://github.com/fabrimagic72/malware-samples | Small collection of malware organized by family. |
| Malware Archive | https://github.com/jstrosch/malware-samples | Variety of malware samples, freshly maintained. Contains binaries, memory dumps, and office documents. |
| InQuest | https://github.com/InQuest/malware-samples | A collection of malware samples and relevant dissection information, most probably referenced from their Blog or Twitter Feed. |
| MalwareBazaar | https://bazaar.abuse.ch/ | Run by abuse.ch. The purpose of the project is to collect and share malware samples, helping IT-security researchers and threat analysts protecting their constituency and customers from cyber threats. |
| VX Underground | https://vx-underground.org/samples.html |
| Name | URL | Description |
|---|---|---|
| Das Malwerk | https://dasmalwerk.eu | Miscellaneous collection of malware samples by Robert Svensson. Doesn't appear to be updated. |
| HynekPetrak | https://github.com/HynekPetrak/javascript-malware-collection | old Javascript Malware Collection. |
| WolfVan | https://github.com/wolfvan/some-samples | Medium collection of samples captured with honeypots. |
| MalWAReX | https://github.com/0x48piraj/MalWAReX | Mostly Remote Access Trojan (RAT) samples. |
| MalwareTech | https://github.com/RamadhanAmizudin/malware | Small collection of malware sources and samples leaked online. |
| Mustafa | https://github.com/mstfknn/malware-sample-library | Small collection of APT malware. |
| Objective-See | https://objective-see.com/malware.html | Very small archive of MAC (Apple) malware by family. |
| Name | URL | Description |
|---|---|---|
| Virus Samples | https://virussamples.com | Enterprise and Free feeds available. Massive repository and archive. |
| VirusShare | https://virusshare.com/ | VirusShare is a service hosted and maintained by Corvus Forensics. |
| MalQuarium | https://malquarium.org/ | Small archive of samples mostly from MalShare and URLHaus. Web based malware repository. |
| MalShare | https://malshare.com | Free Malware repository run by Silas Cutler. |
| Contagio | http://contagiodump.blogspot.com/ | Blog that is updated from time to time with interesting samples. Not an archive. |
| PolySwarm | https://polyswarm.io | Blockchain based Antivirus Aggregation engine that allows you to download certain samples with registration. |
| VirusTotal | https://www.virustotal.com | Antivirus Aggregation engine that allows you to download certain samples with registration. |
| VirusBay | https://beta.virusbay.io/ | Small community drive malware collection. |
| VirusSign | https://virussign.com | VirusSign offers a collection of high quality malware samples in various categories. 500/day are free. |
| Name | URL | Description |
|---|---|---|
| Any.run | https://app.any.run | interactive online sandbox with lots of options. |
| Hatching Triage | https://tria.ge/dashboard | Sandbox where you can submit files of your own and download others. |
| Hybrid Analysis | https://www.hybrid-analysis.com/ | Free malware analysis service for the community that detects and analyzes owned by Crowdstrike. |
| SNDBOX | https://app.sndbox.com/ | Currently under maintenance. |
| Name | URL | Description |
|---|---|---|
| KernelMode | https://kernelmode.info | Forum for malware analysis and discussion. Not an archive. Doesn't seem to be maintained. |
| Name | URL | Description |
|---|---|---|
| PacketTotal | https://packettotal.com | Malware inside downloadable PCAP files. |
| Malware Traffic Analysis | https://www.malware-traffic-analysis.net/ | Blog style lists of various pcap files and malware samples for analysis. They are structured in an exercise format for learning. |
| URLhaus | https://urlhaus.abuse.ch/browse/ | Another project by the kind folks at abuse.ch. Contains links to live sites hosting malware, also known as malicious URLS. |
Thanks for you interest!
Brought to you by the Virus Samples Team at https://VirusSamples.com.