Malware samples downloaded from URLs referenced in HoneyDB data.
This repository contains files downloaded from URLs that were found in honeypot data from the HoneyDB network of honeypots.
This repository will be updated frequently with the latest finds. Eventually the process for updating this repository will be fully automated, in which case it will be updated regularly. If you are interested in tracking this data, you should watch this repository so you will be notified when commits are made.
WARNING: The scripts and binaries in this repository are malicious! Do not execute any scripts or binaries unless you know what you are doing!
Each directory name is an MD5 hash of the URL. Within each directory, you will find the URL and the downloaded malware sample. However, in many cases, at the time of retrieval the URL was no longer valid (e.g. 404 or server offline). In these cases, you will find the details of why the retrieval failed.
The file name of retrieved malware samples will be the URL hash value. Listing of possible files:
- url.txt - file containing the URL.
- <URL_HASH> - malware sample file.
- file.txt - file containing the MD5 hash of the malware sample file.
- type.txt - description of file type (output of file command).
- fail.txt - file containing the reason why retrieval failed (curl command output).
- 4XX.txt or 5XX.txt - file containing the output of server error codes.
- README.md - summary of directory contents.
Once you clone or download this repository, the following commands may be helpful.
List all URLs:
cat downloads/*/url.txt
List hashes of all malware sample files:
cat downloads/*/file.txt
List all URLs with malware sample file hashes:
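# Iterate over the directories with a glob instead of parsing ls output.
for dir in downloads/*/; do
    urlhash=$(basename "$dir")
    # Only directories that contain a retrieved sample are listed.
    if [ -f "downloads/$urlhash/$urlhash" ]; then
        echo "$urlhash"
        echo "- $(cat "downloads/$urlhash/url.txt")"
        echo "- $(cat "downloads/$urlhash/file.txt")"
    fi
done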
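An added example (not one of the repository's own scripts): a shell inventory that classifies each URL-hash directory by the file names listed above and prints its URL defanged, without opening any sample. The directory names, URLs and file contents it builds are constructed placeholders, and matching numeric names such as 404.txt alongside 4XX.txt is an assumption.

```bash
# Added example: inventory a downloads/ tree by file name only; no sample is opened.

# Rewrite a URL so it cannot be clicked or fetched by accident.
defang() {
    printf '%s\n' "$1" | sed -e 's/^http/hxxp/' -e 's/\./[.]/g'
}

# Print the retrieval status of one URL-hash directory.
classify() {
    dir=${1%/}
    hash=$(basename "$dir")
    if [ -f "$dir/$hash" ]; then echo sample; return 0; fi
    if [ -f "$dir/fail.txt" ]; then echo fail; return 0; fi
    # Assumption: matches the literal 4XX.txt/5XX.txt and names like 404.txt.
    for f in "$dir"/[45]??.txt; do
        if [ -f "$f" ]; then echo http-error; return 0; fi
    done
    echo unknown
}

# Print one tab-separated line per directory: hash, status, defanged URL.
inventory() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        url='-'
        if [ -f "$d/url.txt" ]; then url=$(defang "$(head -n 1 "$d/url.txt")"); fi
        printf '%s\t%s\t%s\n' "$(basename "$d")" "$(classify "$d")" "$url"
    done
}

# Build a constructed tree (placeholder hashes, URLs and contents; no real samples).
make_demo() {
    root=$(mktemp -d)
    a=00000000000000000000000000000001
    b=00000000000000000000000000000002
    c=00000000000000000000000000000003
    mkdir "$root/$a" "$root/$b" "$root/$c"
    echo 'http://example.test/a.sh' > "$root/$a/url.txt"
    echo 'placeholder bytes' > "$root/$a/$a"
    echo 'http://example.test/b.bin' > "$root/$b/url.txt"
    echo 'curl: (6) Could not resolve host' > "$root/$b/fail.txt"
    echo 'https://example.test/c' > "$root/$c/url.txt"
    echo '404 Not Found' > "$root/$c/404.txt"
    echo "$root"
}

demo=$(make_demo)
inventory "$demo"
rm -rf "$demo"
```

Against a real clone, call `inventory downloads` from the repository root.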
All binary files are compressed/encrypted with the password honeydb.