Index of /publicDatasets/Android-Mischief-Dataset/AndroidMischiefDataset_v1

[ICO]        Name                   Last modified      Size  Description

[PARENTDIR]  Parent Directory                          -
[   ]        AhMyth.zip             2020-11-18 09:17   38M
[   ]        AndroRat.zip           2020-11-18 09:16   30M
[   ]        AndroidTester.zip      2020-11-18 09:13   77M
[   ]        DroidJack.zip          2020-11-18 09:15   55M
[   ]        HawkShaw.zip           2020-11-18 09:17   75M
[DIR]        RAT01-AndroidTester/   2021-05-07 10:19   -
[DIR]        RAT02-DroidJack/       2021-03-09 15:39   -
[DIR]        RAT03-HawkShaw/        2021-03-09 15:46   -
[DIR]        RAT04-SpyMax/          2021-03-09 16:00   -
[DIR]        RAT05-AndroRat/        2021-03-09 15:46   -
[DIR]        RAT07-AhMyth/          2021-03-09 16:00   -
[TXT]        README.html            2021-05-07 10:19   2.3K
[TXT]        README.md              2020-12-01 09:50   2.1K
[   ]        SpyMax.zip             2020-11-18 09:16   83M

Android Mischief Dataset

Name: Android Mischief Dataset
Version: v1
Publication Date: November 18th, 2020
Author: Kamila Babayeva, kamifai14@gmail.com, @_kamifai_
Website: https://www.stratosphereips.org/blog/2020/11/10/android-mischief-rats-dataset

Dataset Description:

The Android Mischief Dataset is a dataset of network traffic from mobile phones infected with Android Remote Access Trojans (RATs). Its goal is to give the community a dataset for learning and analyzing the network behaviour of RATs and for proposing new detections. The current version of the dataset includes 8 packet captures from 8 executed Android RATs. The Android Mischief Dataset was created in the Stratosphere Laboratory, Czech Technical University in Prague.

RATs executed:
RAT01 - Android Tester v.6.4.6
RAT02 - DroidJack v4.4
RAT03 - HawkShaw
RAT04 - SpyMAX v2.0
RAT05 - AndroRAT
RAT06 - Saefko Attack Systems (SAS)
RAT07 - AhMyth

Dataset files for each executed RAT:
README.md - the name of the executed RAT, details of the RAT execution environment, and details of the pcap (client's IP and port, server's IP and port, time of the infection).
apk - the apk generated by the RAT's builder.
log - a very detailed and specific time log of all the actions performed in the client and the server during the experiment, such as taking a picture.
pcap - network traffic captured on the victim's device.
screenshots - a folder with screenshots of the mobile device and controller while performing the actions on the client and server.

The phone was using the Emergency VPN (https://www.civilsphereproject.org/emergency-vpn) to capture its traffic. All captures were done in CEST time (GMT+2), which means that tools reading the pcap files may show a different time depending on your time zone. Since the time of capture inside the pcap file is 000000, if you are in timezone GMT+1, your tools will show the packets 1 hour earlier than when they were captured. The real capture time is in the log file.

The password of the zip files is: 'infected'

Contacts

If you have any questions, or you want the source code of the RATs and their requirements, do not hesitate to contact me at kamifai14@gmail.com.