To request access this dataset you will need to login with an IMPACT account. Accounts are free. If you don't have one please register.

Summary

DS-0520
GT Malware Passive DNS Data Daily Feed
Dataset
Georgia Tech
Georgia Tech
07/01/2015
Data collection is ongoing
1 (lowest rank is 49)

Category & Restrictions

DNS Data
Quasi-Restricted
true

Description


GT Malware Passive DNS Data Daily Feed

This dataset contains a daily feed of passive DNS data produced by the Georgia Tech Information Security Center??s malware analysis system. It is produced by executing suspect Windows executables in a sterile, isolated environment, with limited access to the Internet, for a short period of time. Each sample??s use of the DNS is recorded and made available in both raw (packet capture, or PCAP) and plaintext formats. The plaintext format, which contains a subset of information present in the PCAP files, is represented as a series of CSV files named according to the date on which a given set of executables was processed. Each file comprises a series of 3-tuples that provide the executable's MD5 hash, the qname (domain name) of the DNS query, and (if the query was of type A) a resolution IP address for the domain name. Note that in the plaintext format, for a given MD5 and qname there is at most one resolution IP address provided, even if the query resulted in a response record set that contains multiple resolution addresses.

This dataset is structured as a set of archives that each correspond to a single day of sample processing-based DNS data collection. Each archive decompresses to a top-level folder containing a CSV file (the plaintext format) and a PCAP subdirectory (the raw format) for that day. The contents of the CSV file are sorted by executable MD5, qname, and resolution IP address. The PCAP subdirectory contains a set of PCAP files that are each named according to the MD5 of the sample that generated the corresponding DNS traffic it contains.
This dataset is the subject of ongoing measurement and data collection. As such the data is continuously growing. Researchers who are granted access will be able to download updates for a period of one year after their request.

Additional Details

N/A
Size is growing as more data is collected
false
true
cybercrime, malware, network analyzers, gt malware passive dns data daily feed, application layer protocols, technological universities in the united states, packet analyzer, universities and colleges in atlanta, engineering universities and colleges in georgia, packets, atlantic coast conference schools, malware analysis, 520, georgia tech, ip address, pcap, xml, qname, domain name system, georgia institute of technology, universities and colleges in georgia, domain name, exploit, university system of georgia