Historical GT Malware Passive DNS Data 2011-2013 (01/01/2011 to 12/31/2013)

This dataset contains a historical archive of passive DNS data produced by the Georgia Tech Information Security Center??s malware analysis system for calendar years 2011, 2012 and 2013. It was produced by executing suspect Windows executables in a sterile, isolated environment, with limited access to the Internet, for a short period of time. Each sample??s use of the DNS was recorded and used to create a 4-tuple comprising the executable's MD5 hash, the date in which the executable was processed, the qname (domain name) of the DNS query, and (if the query was of type A) a resolution IP address for the domain name. The dataset consists of multiple CSV files, with one CSV file per month. The contents of each file are sorted by process date, executable MD5, qname, and resolution IP address. As mentioned previously, for a given qname at most one resolution IP address is provided, even if the query resulted in a response record set that contains multiple resolution addresses.