Android Mischief Dataset: network dataset of mobile phones infected with Android Remote Access Trojans

The Android Mischief Dataset is a dataset of network traffic from mobile phones infected with Android RATs. Its goal is to offer the community a dataset to learn and analyze the network behavior of RATs to propose new detections to protect our devices. The dataset consists of 8 packet captures from 8 executed Android RATs. The Android RATs used in the dataset are: - RAT01 - Android Tester v6.4.6 - RAT02 - DroidJack v4.4 - RAT03 - HawkShaw - RAT04 - SpyMAX v2.0 - RAT05 - AndroRAT - RAT06 - Saefko Attack Systems v4.9 - RAT07 - AhMyth - RAT08 - Command-line AndroRAT The dataset contains a folder and its zip for each of the experiments. Each experiment was conducted manually by controlling the attacker and the victim. Considering that, each folder contains the following files: - README.md - the generic description of the execution, containing the name of the executed RAT, details of the RAT execution environment, details of the pcap (client’s IP and server’s IP, time of start of the infection). - APK - APK file generated by the RAT’s attacker program. - Log - very detailed and specific time log of all the actions performed in the client and the server during the experiment. - Pcap - network traffic of the whole infection. - Screenshots - a folder with screenshots of the mobile device and controller while performing malicious actions. - Zeek logs - a folder with Zeek generated logs after running Zeek on a RAT pcap. The zip files are encrypted with the password ‘infected’.