Ransomware PCAP repository

这是通过执行勒索软件二进制文件并捕获加密从 SMB 服务器共享的一组文件时创建的网络流量而获得的 PCAP 文件存储库。从恶意软件流量分析和混合分析中下载了来自 32 个不同勒索软件系列的 94 个样本。每个示例都有一个指向信息页面的链接，提供有关示例及其运行场景的一些信息（表中的“更多信息”列）。您可以从每个流量跟踪中免费下载 10% 的数据包。如果您觉得它有用并且想要下载整个样本，我们会询问您的电子邮件和机构名称，以便记录许多对这些文件感兴趣的人。这有助于我们保持这个存储库并包含更多示例（因为它证明了它对社区很有趣）。我们不会向您发送任何类型的垃圾邮件。我们只会向您发送一个链接以下载完整的 pcap 文件。要引用此存储库，请在您的论文中包含链接，引用在 IEEE dataPort（此处）中共享的存储库和/或引用本文，其中对存储库进行了更详细的解释 我们还提供了一个包含描述的文本文件出现在 SMB 流量中的所有输入/输出操作。为了从大型 pcap 文件中提取这些信息，我们必须创建自己的软件。

This is a repository of PCAP files obtained from network traffic generated when executing ransomware binaries and capturing the encryption of a set of files shared from an SMB server. Ninety-four samples from 32 distinct ransomware families were downloaded via malware traffic analysis and hybrid analysis. Each sample includes a link to an information page that provides details about the sample and its execution scenario (the "More Info" column in the table). You may download 10% of the packets from each traffic trace free of charge. If you find this resource useful and wish to download the full samples, we will ask for your email address and institutional affiliation to track the number of people interested in these files. This helps us maintain this repository and include more samples, as it demonstrates that the resource is valuable to the community. We will not send you any form of spam. We will only send you a link to download the full PCAP files. To cite this repository, include the shared link in your paper, cite the repository hosted on IEEE dataPort (here), and/or cite this article which provides a more detailed explanation of the repository. We also provide a text file that describes all input/output operations present in the SMB traffic. To extract this information from the large PCAP files, we developed custom software.