



Index of /publicDatasets/CTU-Mixed-Capture-1

This capture is to have a Normal computer working with a real user for some time, then infect it with the malware 2d17f8f6fab6da5619c7528e9b0ee135, then clean it and continue working normally for some time. The goal is to verify how a detection algorithm can deal with a real infection situation given that the IP address of the computer is the same. That is, any detection algorithm should not say which IP is infected, but when it is infected and, more importantly, when it is not infected any more.

Capture of the traffic of only the malware

In order to help the analysis of this capture, the malware was also executed alone, without any user interaction. This capture, done with the MD5 2d17f8f6fab6da5619c7528e9b0ee135, can be found here.

In order to help the verification of the Mixed capture, another separate Windows computer was infected with the Bubble Dock Adware. This control infection shows how the malware behaves when executed alone without any user interaction. It may be helpful to identify the IP addresses and domains used. This capture should be used for control and probably not for creating the detection algorithms. The network environment was different from the Mixed capture.

Since the capture was executed in a real environment, there are some privacy issues that must be addressed. Therefore some packets were erased from the capture, notably most multicast and some broadcast traffic. These packets should not be so important to a malware detection algorithm and should not add a strong bias.

- All the packets coming or going to 224.0.0.251.
- All the packets coming or going to 255.255.255.255.
- All the packets coming or going to 10.0.0.138 port 67.

The UPNP traffic was left in the capture because it has a strongly periodic behavior that can help confuse some algorithms.

Only clean pcap

Apart from the large pcap file with all the data and before the infection with the Adware, a copy of the pcap file up to that point was done. The file is called and was done to have a complete normal capture without any infection.

This is the big and complete pcap file with all the data.
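The packet erasure listed above, written out as a filter over a classic pcap file. This is an added example, not the tool the dataset authors used; reading "10.0.0.138 port 67" as host and port together, and the names `should_drop`, `scrub_pcap`, `udp_frame` and `make_pcap`, are assumptions of this example.

```python
import socket, struct

# Hosts erased from the capture, as listed in the description above.
DROP_HOSTS = {"224.0.0.251", "255.255.255.255"}
DROP_HOST_PORT = ("10.0.0.138", 67)  # assumption: this host AND port 67 (TCP or UDP)

def should_drop(frame: bytes) -> bool:
    """True if an Ethernet/IPv4 frame falls in one of the erased categories."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return False  # not IPv4 (ARP, IPv6, ...): keep
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    if {src, dst} & DROP_HOSTS:
        return True
    l4 = 14 + (frame[14] & 0x0F) * 4  # start of TCP/UDP header (fragments not reassembled)
    if DROP_HOST_PORT[0] in (src, dst) and frame[23] in (6, 17) and len(frame) >= l4 + 4:
        return DROP_HOST_PORT[1] in struct.unpack("!HH", frame[l4:l4 + 4])
    return False

def scrub_pcap(data: bytes) -> bytes:
    """Copy a classic little-endian Ethernet pcap, leaving out the erased packets."""
    if len(data) < 24 or struct.unpack("<II", data[:4] + data[20:24]) != (0xA1B2C3D4, 1):
        raise ValueError("expected a little-endian classic pcap with Ethernet link type")
    out, off = [data[:24]], 24
    while off + 16 <= len(data):
        incl_len = struct.unpack("<I", data[off + 8:off + 12])[0]
        end = off + 16 + incl_len
        if end > len(data):
            break  # truncated final record
        if not should_drop(data[off + 16:end]):
            out.append(data[off:end])
        off = end
    return b"".join(out)

def udp_frame(src: str, dst: str, sport: int, dport: int) -> bytes:
    """Constructed test frame: Ethernet + IPv4 + UDP headers, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HHHH", sport, dport, 8, 0)

def make_pcap(frames) -> bytes:
    """Wrap frames in a classic pcap (constructed sample input, timestamps zero)."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
```

Run against a copy of a capture, `scrub_pcap(open(path, "rb").read())` returns the filtered file bytes; pcapng input is rejected and has to be converted to classic pcap first.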
