To request access this dataset you will need to login with an IMPACT account. Accounts are free. If you don't have one please register.
This dataset is no longer available and has a current status of 'Withdrawn'.
Please see the catalog for a listing of currently available datasets.


Historical GT Malware Passive DNS Data 2011-2013
Georgia Tech
Georgia Tech
6 (lowest rank is 56)

Category & Restrictions

DNS Data
dns data, malware, threat intelligence


GT Malware Passive DNS Data 2011-2013

This dataset contains a historical archive of passive DNS data produced by the Georgia Tech Information Security Center??s malware analysis system for calendar years 2011, 2012 and 2013. It was produced by executing suspect Windows executables in a sterile, isolated environment, with limited access to the Internet, for a short period of time. Each sample??s use of the DNS was recorded and used to create a 4-tuple comprising the executable's MD5 hash, the date in which the executable was processed, the qname (domain name) of the DNS query, and (if the query was of type A) a resolution IP address for the domain name.

The dataset consists of multiple CSV files, with one CSV file per month. The contents of each file are sorted by process date, executable MD5, qname, and resolution IP address. As mentioned previously, for a given qname at most one resolution IP address is provided, even if the query resulted in a response record set that contains multiple resolution addresses.

Additional Details

2011, tech, georgia, dns, passive, 2013, malware, gt, historical, 433, historical gt malware passive dns data 2011-2013, georgia tech, resolution, qname, query, executable, multiple, md5, domain, file, csv, produced, dataset, processed, process, suspect, limited, center, time, consists, short, windows, response, environment, sample, calendar, mentioned, dns data, sorted, analysis, archive, executables, comprising, period, create, type, system, month, contents, security, tuple, isolated, 2012, access, hash, files, sterile, executing