Worm/Trojan/Ransomware/apt/Rootkit/Virus Database

Overview

Pestilence - The Malware Database

Contributions Welcome HitCount [GitHub stars] made-with-python

Logo

Screenshot

Screenshot

Pestilence is a project created to make the possibility of malware analysis open and available to the public. Since we have found out that almost all versions of malware are very hard to come by in a way which will allow analysis, we have decided to gather all of them for you in an accessible and safe way. Pestilence was born by Err0r_HB and is now maintained by Hackboyz Team.

Pestilence is open and welcoming visitors!

If you are about to interact with our community please make sure to read our CODE-OF-CONDUCT.md prior to doing so. If you plan to contribute, first - thank you. However, do make sure to follow the standards on CONTRIBUTING.md.

Disclaimer

Pestilence's purpose is to allow the study of malware and enable people who are interested in malware analysis (or maybe even as a part of their job) to have access to live malware, analyse the ways they operate, and maybe even enable advanced and savvy people to block specific malware within their own environment.

Please remember that these are live and dangerous malware! They come encrypted and locked for a reason! Do NOT run them unless you are absolutely sure of what you are doing! They are to be used only for educational purposes (and we mean that!) !!!

We recommend running them in a VM which has no internet connection (or an internal virtual network if you must) and without guest additions or any equivalents. Some of them are worms and will automatically try to spread out. Running them unconstrained means that you will infect yourself or others with vicious and dangerous malware!!!

Getting Started

Clone the repository with git clone https://www.github.com/Err0r-ICA/Pestilence. Go to the directory and run pip install --user -r requirements.txt. This should install all latest requirements needed. In total can be "scripted" like so:

git clone https://www.github.com/Err0r-ICA/Pestilence
cd Pestilence
pip install --user -r requirements.txt

Start by running the console:

python2 Pestilence

License

Pestilence - the most awesome free malware database on the air Copyright (C) 2015-2021, Err0r_HB - Hackboyz Team

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.

You can also find more information in LICENSE.md.

License section does not apply to any of malicious samples in Pestilence's repository which includes samples and source code, reversed or otherwise.

Documentation and Notes

Background

Pestilence's objective is to offer a fast and easy way of retrieving malware samples and source code in an organized fashion in hopes of promoting malware research.

Root Files

Since version 0.42 Pestilence has been undergoing dramatic changes. It now runs in both CLI and ARGVS modes. You can call the program with the same command line arguments as before. The current default state of Pestilence runtime is the CLI. The following files and directories are responsible for the application's behaviour.

/conf - The conf folder holds files relevant to the particular running of the program but are not part of the application. You can find the EULA file in the conf and more.

/imports - Contains .py import files used by the rest of the application

/malwares/Binaries - The actual malwares samples - be careful! These are very live.

/malware/Source - Malware source code.

Malware under the folder Original is supposed to be (NO PROMISES!) the original source of the malware that leaked. Malware under the folder Reversed is either reversed, decompiled or partially reconstructed.

Directory Structure:

Each directory is composed of 4 files:

  • Malware files in an encrypted ZIP archive.
  • SHA256 sum of the 1st file.
  • MD5 sum of the 1st file.
  • Password file for the archive.

Bugs and Reports

The repository holding all files is currently https://github.com/Err0r-ICA/Pestilence

Submit Malware

Get the file you want to submit and just run python prep_file.py file_tosubmit.exe. It will create a directory for you. Then just submit that along with the changes to the conf/maldb.db so that we know which malware it is.

Change Log for v0.60:

  • Moved DB to SQLite3.
  • Searching overhaul to a freestyle fashion.
  • Fixed "get" command.
  • More & more malwares.

Change Log for v0.50:

  • Better and easier UI.
  • Aligned printing of malwares.
  • Command line arguments are now working.
  • Added 10 more malwares (cool ones) to the DB.

Change Log for v0.42:

  • Fix EULA for proper disclaimer.
  • More precise searching and indexing including platform and more.
  • Added 10 new malwares.
  • Git update of platform and new malware.
  • Fix display of search.
  • Enable support for platform and architecture in indexing.
  • Separate between database and application.
  • UI improvements.

Change Log for v0.43:

  • Verify argv to be working properly. (fixes in v0.5)
  • Virus-Total upload and indexing module. - Not possible due to restrictions of VT.
  • Automatic reporting system for malwares which are not indexed in the framework.

Change Log for v0.50:

  • Malware analysis pack has been removed to reduce clone size.
  • More documentation has been added.
  • Removed debugging function which were dead in the code.

Predicted Change Log for v1.0

  • Fix auto-complete for malware frameworks. (thanks to 5fingers)
  • Consider changing DB to XML or SQLite3. (Sheksa - done :))
  • Better UI features.
  • Fix and make 'light' version without malwares with _MalwareFetch function.

Hopeful

  • A GUI.
  • Package releases.

If you have any suggestions or malware that you have indexed (in the manner laid out in the documentation) please send it to us to - Pestilence-submissions [a-t] morirt [.d0t.] com - so we can add it for everyone's enjoyment.

My Accounts

You might also like...
Password database With special stuff

This is a Password database I made for myself, as I want to keep all my passwords in the same place. but still protected, shall anyone get access to the file. And so I made this simple password database, that can encrypt, decrypt files, and generate Passwords, pin codes, and encryption keys. It took me about 4 - 6 months to make (Total I spent like 2 - 3 making it, but there were a lot of times where I did not work on the program) It is not 100% fine-tuned, but it works very well as is.

Virus-Builder - This tool will generate a virus that can only destroy Windows computer
Virus-Builder - This tool will generate a virus that can only destroy Windows computer

Virus-Builder - This tool will generate a virus that can only destroy Windows computer. You can also configure to auto run in usb drive

🐛 SSH self spreading worm written in python3 to propagate a botnet.
🐛 SSH self spreading worm written in python3 to propagate a botnet.

Mirkat SSH self spreading worm written in python3 to propagate a botnet. Install tutorial. cd ./script && sh setup.sh Support me. ⚠️ If this reposito

WormMovementSimulation - 3D Simulation of Worm Body Movement with Neurons attached to its body
WormMovementSimulation - 3D Simulation of Worm Body Movement with Neurons attached to its body

Generate 3D Locomotion Data This module is intended to create 2D video trajector

Arbitrium is a cross-platform, fully undetectable remote access trojan, to control Android, Windows and Linux and doesn't require any firewall exceptions or port forwarding rules
Arbitrium is a cross-platform, fully undetectable remote access trojan, to control Android, Windows and Linux and doesn't require any firewall exceptions or port forwarding rules

About: Arbitrium is a cross-platform is a remote access trojan (RAT), Fully UnDetectable (FUD), It allows you to control Android, Windows and Linux an

SARA - Simple Android Ransomware Attack
SARA - Simple Android Ransomware Attack

SARA - Simple Android Ransomware Attack Disclaimer The author is not responsible for any issues or damage caused by this program. Features User can cu

Ransomware leak site monitoring
Ransomware leak site monitoring

RansomWatch RansomWatch is a ransomware leak site monitoring tool. It will scrape all of the entries on various ransomware leak sites, store the data

Vaccine for STOP/DJVU ransomware, prevents encryption

STOP/DJVU Ransomware Vaccine Prevents STOP/DJVU Ransomware from encrypting your files. This tool does not prevent the infection itself. STOP ransomwar

pybotnet -   A Python Library for building Botnet , Trojan or BackDoor for windows and linux with Telegram control panel
pybotnet - A Python Library for building Botnet , Trojan or BackDoor for windows and linux with Telegram control panel

pybotnet A Python Library for building botnet , trojan or backdoor for windows and linux with Telegram control panel Disclaimer: Please note that this

A Python3 discord trojan, utilizing discord webhooks for sending information.

Vape-Lite-RAT A Python3 discord trojan, utilizing discord webhooks for sending information. What you do with this code / project / idea is non of my b

CNKD - Minimalistic Windows ransomware written in Python

CNKD Minimalistic Windows ransomware written in Python (Still a work in progress

Source code of our TTH paper: Targeted Trojan-Horse Attacks on Language-based Image Retrieval.
Source code of our TTH paper: Targeted Trojan-Horse Attacks on Language-based Image Retrieval.

Targeted Trojan-Horse Attacks on Language-based Image Retrieval Source code of our TTH paper: Targeted Trojan-Horse Attacks on Language-based Image Re

APT-Hunter is Threat Hunting tool for windows event logs

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity

A python package for your Kali Linux distro that find the fastest mirror and configure your apt to use that mirror

Kali Mirror Finder Using Single Python File A python package for your Kali Linux distro that find the fastest mirror and configure your apt to use tha

Automatic picture transmission(APT) protocol decoder for NOAA weather satellites
Automatic picture transmission(APT) protocol decoder for NOAA weather satellites

Automatic picture transmission(APT) decoder Automatic picture transmission protocol is used by NOAA satellites. They constantly send a frequency modul

A wrapper for the apt package manager.

A wrapper for the apt package manager.

Ma2tl - macOS forensic timeline generator using the analysis result DBs of mac apt
Ma2tl - macOS forensic timeline generator using the analysis result DBs of mac apt

ma2tl (mac_apt to timeline) This is a DFIR tool for generating a macOS forensic

A simple tool to utilize the basic functionality of the Private API From Virus Total

Welcome To VT-SCAN (viurs total api) Information This is a simple tool to utilize the basic functionality of the Private API From Virus Total. with th

Owner
*ERR0R*
*ERR0R*
Arbitrium is a cross-platform, fully undetectable remote access trojan, to control Android, Windows and Linux and doesn't require any firewall exceptions or port forwarding rules

About: Arbitrium is a cross-platform is a remote access trojan (RAT), Fully UnDetectable (FUD), It allows you to control Android, Windows and Linux an

Ayoub 861 Feb 18, 2021
SARA - Simple Android Ransomware Attack

SARA - Simple Android Ransomware Attack Disclaimer The author is not responsible for any issues or damage caused by this program. Features User can cu

Termux Hackers 99 Jan 4, 2023
pybotnet - A Python Library for building Botnet , Trojan or BackDoor for windows and linux with Telegram control panel

pybotnet A Python Library for building botnet , trojan or backdoor for windows and linux with Telegram control panel Disclaimer: Please note that this

</oNion 181 Jan 2, 2023
Tool ini berfungsi untuk membuat virus secara instan

vbug (ID) Tool ini berfungsi untuk membuat virus secara instan. Dengan begitu pengguna vbug maker dapat menggunakannya dengan mudah dan cepat. Di dala

OneTXz 3 Jun 5, 2022
AmiEviL - This program uses the Virus Total API to determine if your suspicious file is malicious or not

AmiEviL - This program uses the Virus Total API to determine if your suspicious file is malicious or not. The program requests the hash of the file and outputs information (if any). This version will output: the file type, names seen in the wild, the number of security vendors that have flagged it as malicious, undetected, and unable to process the file.

Kirk 1 Jan 3, 2022
Windows Virus who destroy some impotants files on C:\windows\system32\

psychic-robot Windows Virus who destroy some importants files on C:\windows\system32\ Signatures of psychic-robot.PY (python file) : Bkav Pro : ASP.We

H-Tech-Dev36 1 Jan 6, 2022
The Linux defender anti-virus software ported to work on CentOS Linux.

By: Seanpm2001, Et; Al. Top README.md Read this article in a different language Sorted by: A-Z Sorting options unavailable ( af Afrikaans Afrikaans |

Sean P. Myrick V19.1.7.2 2 Sep 12, 2022
Automatic SQL injection and database takeover tool

sqlmap sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of

sqlmapproject 25.7k Jan 8, 2023
Open Source Tool - Cybersecurity Graph Database in Neo4j

GraphKer Open Source Tool - Cybersecurity Graph Database in Neo4j |G|r|a|p|h|K|e|r| { open source tool for a cybersecurity graph database in neo4j } W

Adamantios - Marios Berzovitis 27 Dec 6, 2022
A blind SQL injection script that uses binary search aka bisection method to dump datas from database.

Blind SQL Injection I wrote this script to solve PortSwigger Web Security Academy's particular Blind SQL injection with conditional responses lab. Bec

Şefik Efe 2 Oct 29, 2022