Malware Corpus Tracker - Malware Families
# | Parent | Family Name | Alias | Description |
---|---|---|---|---|
201919781 | 1 | cve-2019-19781 | shitrix | CVE-2019-19781 Citrix RCE Shitrix |
201902725 | 1 | cve-2019-2725 | Weblogic deserialization async | |
201900959 | 1 | cve-2019-0859 | Win32k Elevation of Privilege Vulnerability | |
201900708 | 1 | cve-2019-0708 | BlueKeep Vulnerability in RDP | |
201804878 | 1 | cve-2018-4878 | Flash 0day | |
201800101 | 1 | cve-2018-0101 | Cisco ASA RCE | |
201712611 | 1 | cve-2017-12611 | Struts 2 Remote Code Execution | |
201711882 | 1 | cve-2017-11882 | Buffer overflow in MS Equation Editor | |
201710271 | 1 | cve-2017-10271 | Oracle Weblogic Remote code execution | |
20180830 | 1 | wcry2018 | wcry2018 | |
20180018 | 1 | A018 | Java malware targeting Turkish users | |
20178759 | 1 | wsdlinject | CVE-2017-8759 | |
20175754 | 1 | meltdown | Meltdown CVE-2017-5754 vulnerability | |
20175715 | 1 | spectre | Spectre CVE-2017-5715 CVE-2017-5753 vulnerability | |
20171109 | 1 | Onliner | Onliner Spambot | |
20171107 | 1 | ufo20171107 | Unidentified malware | |
20170015 | 1 | A015 | Phishing emails with HTA/JS attachments downloading from duckdns.org, usually LokiBot | |
20170014 | 1 | A014 | Malware from Agencja Celna DHL | |
20160607 | 50 | 20160607 | Phishing | |
10198 | 1 | TEMP.Isotope | TEMP.Isotope Berserker Bear Dragonfly DYMALLOY | |
5000 | 1 | haas | Links extracted from the haas.nic.cz | |
4923 | 4000 | dridex38923 | Dridex group 38923 | |
4322 | 4000 | dridex322 | Dridex group 322 Phishing campaign | |
4312 | 4000 | dridex312 | Dridex group 312 Phishing campaign | |
4302 | 4000 | dridex302 | Dridex group 302 | |
4222 | 4000 | dridex222 | Dridex group 222 Phishing campaign | |
4220 | 4000 | dridex220 | Dridex group 220 Phishing campaign | |
4202 | 4000 | dridex2302 | Dridex group 2302 | |
4125 | 4000 | dridex125 | Dridex group 125 Phishing campaign | |
4123 | 4000 | dridex123 | Dridex group 123 Phishing campaign | |
4122 | 4000 | dridex122 | Dridex group 122 Phishing campaign | |
4120 | 4000 | dridex120 | Dridex group 120 Phishing campaign | |
4001 | 4000 | dridex_zip | Dridex botnet downloader zip files | |
4000 | 175 | dridex | Dridex botnet | |
3150 | 1 | blackmatter | BlackMatter Ransomware | |
3140 | 1 | maze | Maze Ransomware | |
3130 | 1 | sodinokibi | Sodinokibi | |
3120 | 1 | winnti | APT41 Winnti Barium Lead Group72 Blackfly Suckfly | |
3110 | 1 | hackingteam | Bots Rats and other malware from Hacking Team company | |
3100 | 3090 | bizarro | Bizarro Sundown Exploit Kit | |
3090 | 1 | sundown | Sundown Exploit Kit | |
3080 | 1 | neutrino | Neutrino Exploit Kit | |
3070 | 1 | magnitude | Magnitude Exploit Kit | |
3050 | 1 | angler | Angler Exploit Kit | |
3040 | 1 | blackhole | Blackhole Exploit Kit | |
3030 | 1 | orangekit | OrangeKit Exploit Kit | |
3020 | 1 | styx | Styx Exploit Kit | |
3010 | 1 | nuclear | Nuclear Exploit Kit | |
3000 | 1 | sakura | Sakura Exploit Kit | |
1800 | 1 | mediaarena | Media Arena | |
1790 | 1 | hydraseven | HydraSeven loader downloading PDFunk | |
1780 | 1 | flawedgrace | FlawedGrace RAT by TA505 | |
1770 | 1 | billgates | Linux Botnet BillGates | |
1760 | 1 | flubot | flubot | |
1751 | 1 | renamer2 | renamer2 | |
1750 | 1 | darkrenamer | DarEye packed Renamer | |
1740 | 1 | getshell | backdoor | |
1733 | 1 | chopperphp | China Chopper PHP | |
1732 | 1 | chopperjsp | China Chopper JSP | |
1731 | 1 | chopperasp | China Chopper ASP backdoors | |
1730 | 1 | chopper | China Chopper | |
1720 | 1 | qakbot | Qakbot | |
1710 | 1 | yewu | Adware Yewu adkuai8 | |
1700 | 1 | lnkr | Malicious Chrome Extension LNKR | |
1690 | 1 | momentum | Momentum Botnet | |
1680 | 1 | deloplen | Code or Group attacking WordPress with script pointing to deloplen.com | |
1670 | 1 | skip | Skip 2.0 MSSQL backdoor | |
1660 | 1 | miraispreader | Mirai Spreader | |
1650 | 1 | arkei | Arkei Password Stealer | |
1640 | 1 | houdrat | HoudRat autoit RAT | |
1630 | 1 | retadup | RETADUP multipurpose botnet | |
1620 | 1 | U6 | U6 Mikrotik Botnet | |
1610 | 1 | vjw0rm | Vengeance Justice Worm (Vjw0rm) | |
1600 | 1 | redkeep | RedKeep ransomware - supposedly using the BlueKeep vulnerability | |
1590 | 1 | hognoob | Hacking activities of hognoob.se | |
1580 | 1 | glimpse | APT34 Glimpse Project | |
1570 | 1 | sustes | sustes linux miner | |
1560 | 1 | sshbear | SSH Mass scanning from Russia | |
1520 | 1 | xmrig | XMRig PUA | |
1510 | 1 | speakup | SpeakUp Linux Botnet | |
1500 | 1 | lockergoga | LockerGoga Ransomware | |
1490 | 1 | matrix | Matrix Ransomware | |
1480 | 1 | magecart | Skimming javascript to steal credit card data from eshops | |
1470 | 1 | ryuk | Ryuk Ransomware | |
1460 | 1 | magentocch | Credit Card Hijack injected to Magento shop | |
1450 | 1 | xorddos | XOR.DDoS linux malware | |
1440 | 1 | icedid | IcedID banking Trojan | |
1430 | 1 | grandsoftek | GrandSoft Exploit Kit | |
1420 | 1 | smokeloader | Smoke Loader | |
1410 | 1 | ramnit | Ramnit Botnet | |
1400 | 1 | rigek | Rig Exploit Kit | |
1391 | 1 | azorult | AZORult Trojan | |
1390 | 1 | hermes | Hermes Ransomware | |
1380 | 1 | umbreon | Umbreon Linux Rootkit | |
1370 | 1 | retefe | ReTeFe banking trojan | |
1360 | 1 | houdini | Houdini | |
1350 | 1 | qrat | Quaverse RAT Remote Access as a Service | |
1340 | 1 | qrypter | Qrypter Crypter-as-a-Service | |
1330 | 1 | sipvicious | SIP scanner sipvicious/friendly-scanner | |
1320 | 1 | alokibot | LokiBot Android Banking trojan / Ransomware | |
1310 | 1 | lokibot | Loki Bot (win32) | |
1300 | 1 | crossrat | CrossRAT remote access trojan for Lin Win Mac | |
1290 | 1 | scarab | Scarab Ransomware | |
1284 | 1 | hc_suspected | Files suspected to be related to Hidden Cobra | |
1283 | 1280 | hc_deltacharlie | Hidden Cobra - DeltaCharlie North Korea’s DDoS Botnet Infrastructure | |
1282 | 1280 | hc_fallchill | Hidden Cobra FallChill | |
1281 | 1280 | hc_volgmer | Hidden Cobra Volgmer | |
1280 | 1 | hiddencobra | lazarus | North Korean Malicious Cyber Activity |
1260 | 1 | soundj | malware referring to ..../sound.mp3 | |
1250 | 1 | cquretools | Pentest tools from CQure | |
1240 | 1 | badrabbit | BadRabbit Ransomware | |
1230 | 1 | netwire | Netwire banking malware | |
1220 | 1 | shirime | Shirime Turla group malware | |
1210 | 1 | gamefish | seduploader | Gamefish APT28 malware |
1200 | 13 | cpuminer | Exploiting Linux systems to run cpuminer | |
1190 | 13 | sambacry | SambaCry linux malware | |
1180 | 1 | globeimposter | Globeimposter Ransomware | |
1141 | 1 | blackenergy3 | BlackEnergy APT | |
1140 | 1 | blackenergy | BlackEnergy APT | |
1130 | 1 | karo | Karo Ransomware | |
1120 | 1 | idicaf | Idicaf | |
1100 | 1 | trickbot | Trickbot Botnet | |
1080 | 1 | corebot | CoreBot trojan | |
1071 | 1 | okyfaru | Malwarenights.cz - IREM Case Okyfaru | |
1070 | 1 | blufamud | Malwarenights.cz - IREM Case Blufamud | |
1060 | 1 | jaff | Jaff Ransomware | |
1050 | 1 | wannacry | WannaCryptor ransomware | |
1040 | 1 | mimikatz | Mimikatz hacking tool | |
1030 | 1 | crypt0l0cker | Crypt0l0cker TorrentLocker | |
1020 | 1 | micropsia | Micropsia APT | |
1010 | 1 | crackers | Password Crackers | |
990 | 1 | kasperagent | Kasperagent APT | |
960 | 1 | pasties | Malware on Pastebin | |
950 | 1 | luminositylink | LuminosityLink RAT | |
940 | 13 | venom | Venom Linux Rootkit | |
930 | 1 | spora | Spora ransomware | |
920 | 1 | sage | Sage ransomware | |
910 | 470 | goldeneye | GoldenEye ransomware | |
900 | 1 | kelihos | JS malware dropper | |
890 | 19 | x-agent | X-Agent spyware used by Fancy Bear | |
880 | 13 | dofloo | spike | Linux Backdoor Spike DDOS Dofloo |
870 | 13 | wifatch | Wifatch Linux botnet | |
860 | 13 | darlloz | Darlloz Linux worm attacking IoT | |
850 | 840 | irctelnet | IRCTelnet Linux Malware based on Aidra | |
840 | 13 | aidra | Aidra Linux Malware | |
830 | 13 | dirtycow | Malware using exploit to Dirty Cow | |
800 | 1 | viotto | Viotto.Keylogger | Viotto Keylogger |
790 | 13 | ladylinux | Linux.Lady | Linux malware written in Go language |
780 | 680 | elfiot | Unknown Linux IoT ELF worm using password set used in Mirai malware | |
770 | 1 | coolmemes | Coolmemes - linux DoS bot | |
760 | 700 | stdbot | STDbot - modified Kaiten | |
750 | 1 | themoon | TheMoon Linksys Worm | |
740 | 1 | powershell | Unsorted powershell malware | |
730 | 710 | remaiten | Remaiten linux malware | |
720 | 13 | luabot | Luabot malware | |
710 | 13 | wopbot | Wopbot ELF malware | |
700 | 13 | kaiten | Kaiten (ktx/tsunami/STD) ELF malware | |
690 | 13 | torlus | Torlus (LizKebab/GayFgt/Bashdoor/Bashlite) ELF malware | |
680 | 13 | mirai | Mirai IoT malware | |
670 | 190 | hancitor | Hancitor VB malware dropper | |
660 | 1 | hawkeye | golroted | HawkEye Key Logger |
650 | 1 | metel | Metel - attack against financial institutions | |
640 | 1 | lurk | Lurk Banking Trojan - targeting Russian banks | |
630 | 1 | ruag | Ruag Espionage Case | |
620 | 1 | cerber | Cerber Ransomware | |
610 | 1 | godless | Godless Mobile Malware | |
590 | 400 | tinba | Tinba - Tiny Banker with Domain Generation Algorithm | |
580 | 400 | nemucod | Nemucod Trojan | |
570 | 50 | zeuspanda | Zeus Panda | |
560 | 1 | imaut | Imaut worm | |
550 | 1 | r0xy | delf | R0xy/Delf trojan and associated malware |
540 | 1 | spyeye | SpyEye | |
530 | 1 | jigsaw | Jigsaw ransomware | |
520 | 1 | keranger | Keranger ransomware | |
510 | 1 | bitcryptor | Bitcryptor ransomware | |
500 | 1 | coinvault | CoinVault ransomware | |
490 | 1 | ctblocker | CTB-Locker ransomware | |
480 | 1 | cryptolocker | Cryptolocker ransomware | |
471 | 1 | petya_susp | Malware suspected to be linked to Petya outbreak | |
470 | 1 | petya | Petya ransomware | |
460 | 1 | lethic | ||
450 | 1 | neutrinobot | ||
440 | 1 | samsam | Samsam ransomware | |
430 | 400 | rockloader | Rockloader | |
420 | 1 | cryptowall | CryptoWall ransomware | |
410 | 1 | teslacrypt | Teslacrypt ransomware | |
406 | 400 | kovter | Kovter ad-fraud trojan | |
405 | 400 | necurs | Necurs botnet | |
401 | 400 | locky_panel | Panel of locky malware | |
400 | 4000 | locky | Locky ransomware | |
390 | 1 | rovnix | Rovnix banking trojan | |
380 | 270 | goznym | GozNym banking trojan | |
370 | 1 | shifu | Shifu | |
360 | 350 | send-safe | Send-safe enterprise mailer used for spam | |
350 | 1 | pony | Pony spyware | |
332 | 330 | malrtf_ole2link | Weaponized RTF with OLE2Link exploit - CVE-2017-0199 | |
331 | 1 | maldoc | Unsorted Malware using weaponized DOC | |
330 | 1 | malrtf | Unsorted Malware using weaponized RTF | |
320 | 1 | adwind | Adwind Java Jar Trojan | |
310 | 1 | poison_ivy | ||
300 | 1 | pax | ||
297 | 1 | plugx_unsorted | ||
296 | 1 | plugx_tmp | ||
295 | 1 | plugx_doc | Documents used to phish victims to execute the malware | |
293 | 1 | plugx_enc | PlugX encrypted payload | |
292 | 1 | plugx_exe | PlugX benign signed EXE | |
291 | 1 | plugx_dll | PlugX DLL loader | |
290 | 1 | plugx | PlugX RAR SFX setups | |
289 | 286 | tvt | TVT RAT | |
288 | 286 | sogu | Sogu RAT | |
287 | 286 | thoper | Thoper RAT | |
286 | 1 | destory | Destory RAT | |
285 | 1 | bookworm_doc | ||
283 | 1 | bookworm_enc | ||
282 | 1 | bookworm_exe | ||
281 | 1 | bookworm_dll | ||
280 | 1 | bookworm | Bookworm APT Trojan | |
270 | 1 | nymaim | Nymaim | |
260 | 1 | duqu | Duqu | |
250 | 1 | andromeda | Andromeda | |
240 | 1 | upatre | Upatre | |
231 | 1 | dyreza_pdf | ||
230 | 1 | dyreza | Dyreza malware | |
220 | 1 | cosmicduke | Cosmic Duke APT Trojan | |
212 | 210 | cozy_exe | ||
211 | 210 | cozy_pdf | ||
210 | 1 | cozy | cozyduke | Cozy Duke APT Trojan |
200 | 1 | tijuana | Malware targeting servers in Mexico | |
190 | 1 | vawtrak | gozy | Vawtrak/Gozy banking trojan |
180 | 1 | cbtlocker | Ransomware CBTLocker | |
164 | 160 | php_fingerprint | PHP Fingerprinting scripts used on compromised websites | |
163 | 163 | perl_shell | Perl Shell | |
162 | 162 | jsp_shell | JSP web shell | |
161 | 161 | asp_shell | ASP web shell | |
160 | 160 | php_shell | PHP web shell | |
152 | 1 | hardcore | HardCore Software For : Public | |
150 | 1 | dhl_tracking | Phishing related to DHL Tracking and other services | |
125 | 120 | geodo_doc | Geodo/Heodo/Emotet DOC downloader | |
124 | 120 | geodo_js | Geodo/Heodo/Emotet JS downloader | |
123 | 120 | geodo_pdf | PDF files referencing download sites of Geodo malware | |
122 | 120 | geodo_2nd | Second stage modules of the Geodo Banking Trojan | |
121 | 120 | geodo_zip | Zip files of the Geodo Banking Trojan | |
120 | 1 | geodo | Geodo Banking Trojan | |
110 | 1 | virautit | Unidentified Autit Malware | |
103 | 1 | vbscript | Unidentified Malicious VBScript | |
102 | 1 | javascript | Unidentified Malicious Javascript | |
101 | 1 | exploitation | Generic whitepapers on exploitation | |
100 | 100 | myklebust | ||
80 | 80 | ngrbot | dorkbot | NGR IRC Bot |
70 | 70 | fakeav | Fake Antivirus Malware | |
60 | 60 | zeroaccess | ZeroAccess Banking Trojan based on Zeus | |
50 | 50 | zeus | Zeus Banking Trojan and its unidentified derivatives | |
42 | 11 | paycrypt | js_downloader | Russian ransomware based on JS.Downloader script |
40 | 11 | ruransom | Russian ransomware written in BAT files | |
30 | 30 | cridex | feodo | http://rebsnippets.blogspot.com/cridex |
24 | 15 | psexec | Sysinternals psexec - often misused goodware | |
22 | 15 | winpcap | WinPcap drivers | |
21 | 15 | winrar | WinRar sfx stubs - often misused goodware | |
20 | 20 | sifreli | Ransomware encrypting files on hard drive. | |
19 | 13 | androidmalware | Unsorted Android Malware | |
13 | 1 | linmalware | Unsorted Linux malware | |
10 | 11 | artemis | ||
8 | 2 | asprox_dll | DLL files downloaded by Asprox from the C2 sites using the type="rdl" message | |
7 | 2 | asprox_txt | TXT file dropped by Asprox downloader | |
6 | 2 | asprox_zip | Zip file containing the Asprox downloader. | |
5 | 2 | asprox_2nd | asprox_stage2 | Additional files downloaded by the Asprox malware. |
4 | 2 | asprox_php | Samples of malicious PHP scripts used by Asprox | |
3 | 2 | asprox_susp | Samples suspected to be Asprox downloader | |
2 | 2 | asprox | kuluoz | http://rebsnippets.blogspot.com/asprox |
1 | 1 | generic | unknown | Unknown Malware |