Curated collection of malware samples for security research and threat analysis
DISCLAIMER: This repository contains live malware samples intended exclusively for security research, malware analysis, and educational purposes. By accessing this repository, you agree to the Terms of Use. The maintainers assume no liability for misuse.
This is a curated collection of live malware samples actively seen in current threat environments. From a large pool of malware samples, specific criteria are used to select only fresh and verified samples - the rest are filtered out. This approach ensures quality over quantity, giving researchers actual current threats rather than historical malware. It supports antivirus detection testing, malware behavior analysis, threat research, and understanding how threat actors are evolving.
The repository cycles monthly: clone to get current month's samples, and at month-end samples are archived to releases and the repository is refreshed. This keeps the main repository focused on latest threats while maintaining historical archives for further analysis.
Binaries/
└── <family>/
└── <verdict>/
└── <variant>/
├── <hash>.zip
└── <hash>.json
ZIP Password: infected
Individual Samples: Browse the Binaries directory.
Monthly Archives: Download complete monthly datasets from Releases as compressed ZIP archives.
See LICENSE file for details.
IMPORTANT NOTICE: This license applies ONLY to the repository structure, documentation, and associated tooling. It does NOT apply to the malware samples contained within. Malware samples are provided solely for educational purposes and use of them is at your own risk.