CTU-Capture-Malicious-Malware-GPC-1-1
This data was generated as part of a research project by the Stratosphere Laboratory, AI Center, FEE, Czech Technical University in Prague, Czechia. The goal is to store long-lived real botnet traffic and generate labeled netflow files for academic research.
These captures were created by Sebastian Garcia and Vojtěch Uhlíř. The captures were curated and verified in 2024 by Veronica Valeros. Contact us at stratosphere@aic.fel.cvut.cz, sebastian.garcia@agents.fel.cvut.cz.
Citation
Cite as: Garcia, Sebastian, and Uhlíř, Vojtěch. (2013). CTU-Capture-Malicious-Malware-GPC-1-1: a labeled dataset of real malicious network traffic [Data set]. Zenodo. https://doi.org/10.5281/zenodo.10546994
Dataset specifications
- Dataset name: CTU-Capture-Malicious-Malware-GPC-1-1
- Dataset description: This dataset contains network traffic from a Windows VM (Win8)
- Dataset duration: 26 days
- Endpoint model: Windows VM
- Endpoint private IP: 10.0.2.22
- Endpoint public IP: N/A
- Endpoint default GW: 10.0.2.2
- Malware threat label: zbot
- Malware SHA256: 8330196e9f62ab96fde8d184d7629d73cd30127dc65050c7c55d586ce367c9c8
- Malware first submission to VirusTotal: 2013-08-17
- Number of days from first submission to VT to execution: 19 days
Dataset file description
The following files are included in the dataset:
- raw/
  - .pcap: original packet capture file in pcap format
- zeek/
  - conn.log.labeled
  - Additional Zeek logs depending on the network traffic of each capture
- artifacts/
  - labels.config: netflow labeler rule configuration file
- bin/
  - .zip: malicious executable compressed with password “infected”
- README.md: Markdown README
- README.html: HTML README
Dataset timeline
- Capture started on: Thu Sep 5 15:40:07 CEST 2013
- Capture stopped on: Tue Oct 1 13:37:58 CEST 2013
Labels
This dataset was labeled by hand by security experts, who analyzed the traffic and created labeling rules. The program used was https://github.com/stratosphereips/netflowlabeler. The labeling rules in the file labels.config condense all the information needed to understand the labels in this capture.