To request access this dataset you will need to login with an IMPACT account. Accounts are free. If you don't have one please register.

Summary

DS-0433
Historical GT Malware Passive DNS Data 2011-2013
Dataset
Georgia Tech
Georgia Tech
01/01/2011
12/31/2013
6 (lowest rank is 50)

Category & Restrictions

DNS Data
dns data, malware, threat intelligence
Unrestricted
true

Description


GT Malware Passive DNS Data 2011-2013

This dataset contains a historical archive of passive DNS data produced by the Georgia Tech Information Security Center??s malware analysis system for calendar years 2011, 2012 and 2013. It was produced by executing suspect Windows executables in a sterile, isolated environment, with limited access to the Internet, for a short period of time. Each sample??s use of the DNS was recorded and used to create a 4-tuple comprising the executable's MD5 hash, the date in which the executable was processed, the qname (domain name) of the DNS query, and (if the query was of type A) a resolution IP address for the domain name.

The dataset consists of multiple CSV files, with one CSV file per month. The contents of each file are sorted by process date, executable MD5, qname, and resolution IP address. As mentioned previously, for a given qname at most one resolution IP address is provided, even if the query resulted in a response record set that contains multiple resolution addresses.

Additional Details

N/A
false
false
cybercrime, malware, historical gt malware passive dns data 2011-2013, application layer protocols, technological universities in the united states, universities and colleges in atlanta, engineering universities and colleges in georgia, atlantic coast conference schools, history of computing, malware analysis, security and maintenance, 433, georgia tech, ip address, xml, qname, domain name system, georgia institute of technology, universities and colleges in georgia, domain name, exploit, microsoft windows security technology, internet governance, university system of georgia